NEAS[.]9ce2bd4155131a6576c844b3cb7867ada4a78feaaa3dca598116d563bd727be7exe_JC[.]exe

General

Target

NEAS.9ce2bd4155131a6576c844b3cb7867ada4a78feaaa3dca598116d563bd727be7exe_JC.exe
Size

942KB
MD5

2cae8d4f94a171cc33f8d76fa4132a6b
SHA1

3a218db844f25eae0898e2cc283a50f5f2b7121c
SHA256

9ce2bd4155131a6576c844b3cb7867ada4a78feaaa3dca598116d563bd727be7
SHA512

1563d8a72c97d5a75e49265816f6b20d63b878a6f3702e3c762d62da451b2269c891a32c64bdaa2de897f5325bae4fa3034c2ae7112d3d9f4817dd99588943a5
SSDEEP

24576:e7q5r+SvOmM8vfiBTILREPK8KT6MRpYNYqD:Rr+ShNimMmT6gYq0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9ce2bd4155131a6576c844b3cb7867ada4a78feaaa3dca598116d563bd727be7exe_JC.exe

Files

NEAS.9ce2bd4155131a6576c844b3cb7867ada4a78feaaa3dca598116d563bd727be7exe_JC.exe
.exe windows:5 windows x86

f22da609299ca6c90da88f21224847f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetMappedFileNameW
GetModuleBaseNameW

kernel32

GetModuleHandleW
LockResource
LoadResource
FindResourceW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleHandleA
VirtualProtect
LoadLibraryA
VirtualAlloc
VirtualFree
SetProcessAffinityMask
OpenProcess
GetCurrentProcessId
ExitProcess
ReadProcessMemory
CloseHandle
AllocConsole
AttachConsole
LoadLibraryW
Process32FirstW
Process32NextW
SetCurrentDirectoryW
VirtualQuery
GetProcessHeap
GetLastError
WriteFile
SetNamedPipeHandleState
lstrlenW
CreateFileW
WaitNamedPipeW
GetVersion
HeapAlloc
HeapReAlloc
HeapFree
GetFileSize
GetSystemInfo
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetCommandLineA
GetCommandLineW
MapViewOfFileEx
GetProcAddress
GetModuleFileNameW
SetLastError
LocalFree
LocalAlloc
CreateToolhelp32Snapshot

advapi32

CryptDestroyHash
CryptHashData
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptDecrypt

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 907KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f22da609299ca6c90da88f21224847f8

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

advapi32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 907KB - Virtual size: 911KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 972B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 907KB - Virtual size: 911KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 972B