NEAS[.]d2852f9bdba12567605d562792f929e0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d2852f9bdba12567605d562792f929e0_JC.exe
Size

140KB
MD5

d2852f9bdba12567605d562792f929e0
SHA1

2900c4d41d5e965d95d1d5157e513ee25ab6bbae
SHA256

645d3c1f7d5ea94e3d986ab69ac41ba3d5c8eaa18742b42da2c30d9afbb20dbc
SHA512

269702c783c73d666cf9f7d363f1dac14a021f788be1af54b5ebaad585951c598018d9f851815054a9aa68a9b12b9fbd144fc6cefebcf08f997db86cebc0a363
SSDEEP

3072:EmJzYfS9Mme73ZMhVF1pv7m9tVQvIE8Zi:EmJcfSQ3ZM/F1pEmi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d2852f9bdba12567605d562792f929e0_JC.exe

Files

NEAS.d2852f9bdba12567605d562792f929e0_JC.exe
.exe windows:6 windows x86

f3ae3a11a9e7f4629e662e145d65cea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord410
ord17

imm32

ImmEnumRegisterWordW
ImmSetCompositionStringA
ImmGetIMCLockCount
ImmCreateIMCC
ImmGetConversionListA
ImmGetIMEFileNameA

shlwapi

wnsprintfW

kernel32

LCMapStringEx
GetUserDefaultLocaleName
GetLocaleInfoEx
CompareStringEx
GetDateFormatEx
GetTimeFormatEx
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleCP
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeLibrary
InterlockedExchange
Sleep
FatalAppExitA
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
IsValidLocaleName
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
GetCurrentThread
InterlockedIncrement
SetLastError
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
RtlUnwind
InitializeCriticalSectionAndSpinCount
WriteFile
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
GetProcAddress
InterlockedDecrement
GetLastError
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
SetEndOfFile
GetModuleFileNameW
GetFileType
lstrcpyW
CloseHandle
GetLocalTime
FindClose
VirtualAlloc
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
ReadFile
MulDiv
GetTimeFormatW
GetProcessHeap
HeapFree
HeapAlloc
FindFirstFileW
GetFileSize
GetDateFormatW
GetCommandLineW
ExitProcess
EnumSystemLocalesEx
GetStringTypeW
GetTickCount64
FreeEnvironmentStringsW
GetStdHandle

mscms

UninstallColorProfileW
SpoolerCopyFileEvent
SetColorProfileHeader
GetPS2ColorRenderingDictionary
SelectCMM
OpenColorProfileW

shell32

DragAcceptFiles
ShellHookProc
ShellExecuteExA
Shell_NotifyIconA
CommandLineToArgvW
ShellAboutW

setupapi

SetupDiCreateDeviceInterfaceRegKeyA
SetupQueueRenameSectionW
SetupDiGetDeviceInterfaceAlias
SetupGetInfFileListA
SetupDiGetHwProfileList

wininet

GopherCreateLocatorW
InternetGetLastResponseInfoW
FindNextUrlCacheContainerA
InternetCheckConnectionA
FtpGetCurrentDirectoryA

user32

LoadAcceleratorsW
SetDlgItemInt
GetMenu
IsDialogMessageW
RegisterClassExW
LoadIconW
GetWindowTextW
GetDlgItem
EndDialog
LoadStringW
ShowWindow
CreateWindowExW
MessageBoxW
TranslateMessage
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
UpdateWindow
SetWindowTextW
WinHelpW
GetMonitorInfoW
CheckMenuItem
MonitorFromRect
DispatchMessageW
TranslateAccelerator
ScrollWindowEx
DdeSetQualityOfService
CheckRadioButton
GetClientRect
SetFocus
LoadCursorW
GetParent
DialogBoxParamW
PostMessageW
LoadImageW
RegisterWindowMessageW
GetMessageW
SetActiveWindow
GetDlgItemInt
TranslateAcceleratorW
DestroyWindow
GetSystemMetrics
GetWindowTextLengthW

gdi32

ExtTextOutW
GetTextExtentExPointW
StartDocW
EndPage
SetMapMode
EndDoc
GetTextExtentPoint32W
GetTextMetricsW
StartPage
DeleteDC
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject

comdlg32

FindTextW
GetOpenFileNameW
ReplaceTextW
GetSaveFileNameW
PrintDlgW
ChooseFontW

advapi32

IsTextUnicode

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ae3a11a9e7f4629e662e145d65cea3

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

imm32

shlwapi

kernel32

mscms

shell32

setupapi

wininet

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB