NEAS[.]fa056177b8cd883118710313408366e0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fa056177b8cd883118710313408366e0_JC.exe
Size

2.5MB
MD5

fa056177b8cd883118710313408366e0
SHA1

7402423ecfc8ce8b7482bb0337b2acfce627969e
SHA256

9549553960c00c0a13d35803e5bf4035fef0530bf78449835588a8d4dc82826a
SHA512

bec8e36dc8f69e36ba5223843dd34aa5d33a38eb3f11ed74daeb812f1331d4c5135f0129c47e4607168a0d4216ec67730a8c8449367ac2d01418a22f62cf20ce
SSDEEP

49152:O95uurlTcNJDV45exXAwetNwusW2iV92NkvdI3Ok:6uurkXxQwqwusWhwWvdI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fa056177b8cd883118710313408366e0_JC.exe

Files

NEAS.fa056177b8cd883118710313408366e0_JC.exe
.dll regsvr32 windows:6 windows x86

ea697b07ff40ad419f9249acec89ee62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

activeds

ord3

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
RegEnumValueW
EventUnregister
EventRegister
EventWriteTransfer
RegEnumValueA
RegDeleteValueA
RegDeleteKeyExW

comctl32

ImageList_AddMasked
ImageList_Create

comdlg32

GetSaveFileNameW

gdi32

SetBkColor
RestoreDC
DeleteDC
TextOutW
SetTextAlign
GetDeviceCaps
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
SetTextColor
GetClipRgn
SelectClipRgn
SelectObject
GetStockObject
Rectangle
CreateFontIndirectW
CreateRectRgn
GetObjectW
CreateSolidBrush
DeleteObject

kernel32

CreateFileW
CloseHandle
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesExW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetCurrentThreadId
LoadLibraryExW
GetUserDefaultLCID
MultiByteToWideChar
lstrcmpiW
GetModuleHandleExA
EncodePointer
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
ReadFile
WriteFile
SetFilePointerEx
GetFileSizeEx
LocalAlloc
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
WaitForSingleObjectEx
OutputDebugStringA
GetModuleHandleA
GetUserDefaultLocaleName
IsValidCodePage
FileTimeToSystemTime
GetStringTypeExW
GetCurrentProcess
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
GetCurrentProcessId
LoadLibraryA
GetFileType
SetCurrentDirectoryW
DeleteFileW
GetCurrentDirectoryW
GetModuleFileNameW
RemoveDirectoryW
TlsSetValue
FlsGetValue
FlsSetValue
TlsAlloc
TlsGetValue
TlsFree
FlsFree
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventExW
GetModuleHandleExW
CompareStringEx
GetLongPathNameW
UnmapViewOfFile
GetLocaleInfoEx
LocaleNameToLCID
LCIDToLocaleName
ResolveLocaleName
EnumSystemLocalesEx
GetSystemDefaultLocaleName
ResetEvent
CreateEventW
WaitForMultipleObjectsEx
CreateWaitableTimerW
QueryDepthSList
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
IsDebuggerPresent
OutputDebugStringW
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
FindResourceW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
VirtualQuery
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
SetEvent
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenA
GetACP
GetUserPreferredUILanguages
LoadResource
SizeofResource
GetModuleHandleW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
LockResource

ole32

CoCreateInstance
DoDragDrop
CoLockObjectExternal
ReleaseStgMedium
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromProgID
CoCreateFreeThreadedMarshaler
CoCreateGuid

oleaut32

SysStringLen
VariantClear
VariantInit
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
VarBstrCmp
VarBstrCat

vcruntime140

__std_terminate
wcsstr
_purecall
wcsrchr
wcschr
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__CxxFrameHandler3
memcpy
memcmp
_CxxThrowException
__std_type_info_compare
memmove
memset
_except_handler4_common

msvcp140

_Thrd_yield
_Mtx_trylock
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
_Thrd_id
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
_Thrd_sleep
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??Bid@locale@std@@QAEIXZ
?_Xbad_function_call@std@@YAXXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Query_perf_counter
_Query_perf_frequency
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc
_recalloc

api-ms-win-crt-string-l1-1-0

wcscpy_s
_stricmp
wcstok_s
strncat_s
wmemcpy_s
_strlwr_s
wcsnlen
wcsncpy_s
strcmp
strncmp
_wcsicmp
strnlen
_towupper_l
wcscat_s
wcscmp
wcscspn
wcsncat_s
towlower
isdigit
strcat_s
strncpy_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_errno
terminate
_invalid_parameter_noinfo
_cexit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow_s
_i64tow_s
_itoa_s
_ultoa_s

api-ms-win-crt-locale-l1-1-0

_create_locale
__initialize_lconv_for_unsigned_char

api-ms-win-crt-math-l1-1-0

round
_except1

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 298KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 816KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea697b07ff40ad419f9249acec89ee62

Headers

DLL Characteristics

File Characteristics

Imports

activeds

advapi32

comctl32

comdlg32

gdi32

kernel32

ole32

oleaut32

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 298KB - Virtual size: 325KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 816KB - Virtual size: 820KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 298KB - Virtual size: 325KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 816KB - Virtual size: 820KB