NEAS[.]3bb1789dc151ce5059ca5eae1e5b6b70_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3bb1789dc151ce5059ca5eae1e5b6b70_JC.exe
Size

5.4MB
MD5

3bb1789dc151ce5059ca5eae1e5b6b70
SHA1

6940fa213b7e7ce530479806dd4ea48ba8d270ea
SHA256

5dabea509f88a582874b2af41cbec3e4df851176846207ea32576078943653f1
SHA512

d419628bb26ee90496a333f8f8553a5772b6ca3c4ae47f441e1c1f32a8d758a5b4bc3bd9582ac028da9309e89ca0484aacc366d1a142f5ad908bbbe88eef7c04
SSDEEP

98304:JcLC8vM5GYz49UZOOmRhDQXxptFyW++X62uG2pkYks5T9hkwBgFjYV6o:JcLdMZBmReBc+K2uB2Xs3BSo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3bb1789dc151ce5059ca5eae1e5b6b70_JC.exe

Files

NEAS.3bb1789dc151ce5059ca5eae1e5b6b70_JC.exe
.exe windows:5 windows x86

9ef4f062c7759ada14db3236e5662a5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
GetCurrentDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
CreateDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetTimeZoneInformation
UnhandledExceptionFilter
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
IsProcessorFeaturePresent
VirtualAlloc
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
AreFileApisANSI
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetVersionExW
HeapValidate
GetFileAttributesExW
FlushViewOfFile
HeapCompact
LockFileEx
CreateFileMappingW
ConvertThreadToFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
MoveFileExW
CompareFileTime
VerifyVersionInfoW
PeekNamedPipe
WaitForMultipleObjects
GetModuleHandleExW
SleepEx
GetStdHandle
GetStringTypeW
LCMapStringW
QueryPerformanceFrequency
TryEnterCriticalSection
FormatMessageW
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
VirtualQuery
GetUserDefaultLCID
GetProfileIntA
SearchPathA
VerifyVersionInfoA
VerSetConditionMask
GetCurrentDirectoryA
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GetACP
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
GetThreadLocale
GetVolumeInformationA
UnlockFile
LockFile
GetFileTime
GetFileAttributesExA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
FreeResource
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
ResetEvent
CompareStringA
GetPrivateProfileIntA
GetCommandLineW
SystemTimeToTzSpecificLocalTime
GetVersion
GetDiskFreeSpaceA
GetTempFileNameA
DeleteCriticalSection
HeapDestroy
DecodePointer
FindResourceExW
RaiseException
HeapReAlloc
HeapSize
FindResourceA
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
SetFilePointer
GetFileType
HeapFree
GetProcessHeap
HeapAlloc
TerminateThread
SetEvent
CreateThread
CreateEventA
ReleaseMutex
CreateMutexA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetWindowsDirectoryA
DuplicateHandle
MoveFileA
GetLogicalDrives
OutputDebugStringA
SetFileAttributesA
GetModuleFileNameW
FlushFileBuffers
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTime
Thread32Next
Thread32First
GetThreadContext
OpenThread
IsWow64Process
LocalAlloc
LoadLibraryW
GetModuleHandleW
TerminateProcess
WaitForSingleObject
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetDriveTypeA
GetDiskFreeSpaceExA
LocalFree
FormatMessageA
GetCurrentProcess
GetVersionExA
GetSystemInfo
OutputDebugStringW
GetFileSizeEx
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
Sleep
RemoveDirectoryW
GetFileAttributesW
GetLongPathNameW
GetCurrentThreadId
MultiByteToWideChar
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
lstrlenA
lstrcmpiA
GetLogicalDriveStringsA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
LoadLibraryA
FreeLibrary
GetTickCount
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
WritePrivateProfileStringA
WriteFile
CloseHandle
ReadFile
CreateFileA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetPrivateProfileStringA
CopyFileA
GetLongPathNameA
GetTempPathA
GetModuleFileNameA
GetLastError
SetFilePointerEx

user32

EnableMenuItem
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetClassLongA
SetMenuItemBitmaps
EqualRect
CopyRect
GetSysColor
GetMenuCheckMarkDimensions
GetKeyNameTextA
MapVirtualKeyA
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
DestroyMenu
InflateRect
SetRectEmpty
OffsetRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
DrawStateA
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
MapWindowPoints
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
GetAsyncKeyState
TrackMouseEvent
LoadImageW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
LoadCursorW
CopyAcceleratorTableA
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
EnumDisplayMonitors
IsZoomed
GetSystemMenu
SetWindowRgn
NotifyWinEvent
PtInRect
CreatePopupMenu
SendMessageA
GetCursorPos
ScreenToClient
GetClientRect
LoadImageA
GetSystemMetrics
GetParent
ClientToScreen
LoadMenuW
GetSubMenu
TrackPopupMenu
SetPropA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetPropA
RemovePropA
IntersectRect
IsRectEmpty
GetWindowLongA
GetDesktopWindow
GetWindow
GetTopWindow
IsWindow
IsWindowVisible
IsWindowEnabled
GetWindowThreadProcessId
CreateWindowExA
GetDlgItem
MessageBoxA
CharUpperA
LoadBitmapW
GetMenuState
DeleteMenu
FindWindowExA
UpdateLayeredWindow
SetCursorPos
RedrawWindow
CharNextA
InvalidateRect
UpdateWindow
GetMenuItemInfoA
UnregisterClassA
SetWindowTextA
GetDlgCtrlID
SetMenuItemInfoA
GetClassNameA
DestroyWindow
SetWindowLongA
ShowWindow
SetLayeredWindowAttributes
SetTimer
KillTimer
SystemParametersInfoA
CallWindowProcA
GetFocus
RegisterWindowMessageA
LoadIconW
IsIconic
DrawIcon
CheckMenuItem
GetDoubleClickTime
SetForegroundWindow
GetMonitorInfoA
MonitorFromWindow
DestroyIcon
CopyIcon
GetDC
FillRect
TranslateMessage
DispatchMessageA
PostQuitMessage
ReleaseDC
SendDlgItemMessageA
SetFocus
GetDlgItemTextA
WinHelpA
DefWindowProcA
LoadCursorA
LoadIconA
GetMessageA
GetMenuStringA
GetMenuItemID
InsertMenuA
AppendMenuA
RemoveMenu
MoveWindow
MonitorFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo
HideCaret
InvertRect
SetClassLongA
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
BringWindowToTop
FrameRect
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
LockWindowUpdate
CharUpperBuffA
ModifyMenuA
PostThreadMessageA
GetComboBoxInfo
IsCharLowerA
MapVirtualKeyExA
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SetDlgItemTextA
CheckDlgButton
GetWindowTextA
GetWindowTextLengthA
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
PeekMessageA
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
GetClassInfoExA
IsMenu
GetWindowRgn
IsChild
GetWindowPlacement
SetWindowPlacement
DestroyCursor
CreateMenu
EnableWindow
PostMessageA
SetWindowPos
GetWindowRect
UnionRect
GetMenuItemCount
EnableScrollBar
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SubtractRect
GetMenuDefaultItem
FindWindowA
SetMenuDefaultItem
GetKeyState
GetCapture
GetMenu
SetMenu
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos

gdi32

EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
OffsetRgn
Rectangle
RoundRect
ExtFloodFill
CreateRectRgnIndirect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceA
CreateDIBitmap
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
CreateCompatibleBitmap
GetRgnBox
GetTextColor
GetBkColor
GetTextMetricsA
DPtoLP
SetRectRgn
GetStockObject
DeleteDC
DeleteObject
SelectObject
CopyMetaFileA
CreateDCA
GetDeviceCaps
SetBkColor
SetTextColor
GetObjectA
PatBlt
CreateBitmap
GetMapMode
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
SetPaletteEntries
EnumFontFamiliesExA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptGetProvParam
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
SystemFunction036
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueA
RegEnumKeyA
ControlService
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegCloseKey
RegQueryValueExW
RegOpenKeyW
GetTokenInformation
ImpersonateLoggedOnUser
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CryptGetUserKey

shell32

SHAppBarMessage
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
CommandLineToArgvW
Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_SetBkColor
ImageList_ReplaceIcon
_TrackMouseEvent

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA

uxtheme

IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
GetThemeSysColor
OpenThemeData
DrawThemeParentBackground
DrawThemeText
IsAppThemed
GetWindowTheme
GetThemePartSize
CloseThemeData

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipFree
GdipCreateBitmapFromHBITMAP

userenv

UnloadUserProfile

dskinlite

dsSetDrawItemSelfPaint
dsExitSkin
dsLoadSkin
dsInitKeys
dsSetEventItemVisibleEx2
dsSetDrawItemValueEx
dsSetDrawItemVisible
dsSetDrawItemValue
dsSkinWindow

ws2_32

ioctlsocket
ntohs
connect
WSAIoctl
shutdown
closesocket
sendto
getnameinfo
WSAStartup
WSAGetLastError
__WSAFDIsSet
send
recvfrom
freeaddrinfo
getaddrinfo
accept
WSASetLastError
select
gethostname
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACleanup
recv
socket
htonl
getsockopt
getsockname
getpeername
htons
setsockopt
bind
listen

crypt32

CertOpenStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetIntendedKeyUsage

wtsapi32

WTSQueryUserToken

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord145
ord219
ord46

filepackage

CheckAdminOTPCode
GetLicenseInfo

iphlpapi

GetAdaptersInfo
GetIfEntry

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Exports

Exports

sqlite3_carray_init
sqlite3_csv_init
sqlite3_series_init

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ef4f062c7759ada14db3236e5662a5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

userenv

dskinlite

ws2_32

crypt32

wtsapi32

wldap32

filepackage

iphlpapi

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 903KB - Virtual size: 902KB

.data Size: 93KB - Virtual size: 143KB

.gfids Size: 109KB - Virtual size: 109KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 241KB - Virtual size: 241KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 903KB - Virtual size: 902KB

.data
Size: 93KB - Virtual size: 143KB

.gfids
Size: 109KB - Virtual size: 109KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 241KB - Virtual size: 241KB