NEAS[.]b0ab31e02bbb250636020b3d78fc6030f115316160023b0db90362fca76597a1dll_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.b0ab31e02bbb250636020b3d78fc6030f115316160023b0db90362fca76597a1dll_JC.exe
Size

68KB
MD5

9974e1d529f3b14ce4a5541cd5d8e788
SHA1

84d37624f738216a900b04d94dc133c9d7e35511
SHA256

b0ab31e02bbb250636020b3d78fc6030f115316160023b0db90362fca76597a1
SHA512

6e4323dcf0eefc5a745b973701d7f406359a5e4b74c2dc6dd0b267dc40aad8aa4da41c36c81a304d9015bb209a32239a3f349e4e5ef0778da067f5be2deb1ef7
SSDEEP

768:Z0jzIzUiq3fcd12rFieAzAmY+3lQ7wJiQEZrl0VtmLUOlZqSfZ1t7I:Z0HIzUlfcdeFAYeQ7TFrqtmLUOPV1l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b0ab31e02bbb250636020b3d78fc6030f115316160023b0db90362fca76597a1dll_JC.exe

Files

NEAS.b0ab31e02bbb250636020b3d78fc6030f115316160023b0db90362fca76597a1dll_JC.exe
.dll windows:4 windows x86

f34a76490ed9332cb045cb34816b469a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DefWindowProcA
CharPrevA
SetCapture

advapi32

ObjectOpenAuditAlarmA

ws2_32

recvfrom
getprotobyname

kernel32

HeapCreate
LCMapStringW
LCMapStringA
GetStringTypeW
GetSystemPowerStatus
GetPrivateProfileSectionW
SetLocalTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA

Exports

Exports

Dishonorableness
Ejection
Haywards
Herm
Multiprocessors
Smooch

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34a76490ed9332cb045cb34816b469a

Headers

File Characteristics

Imports

user32

advapi32

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 8KB - Virtual size: 4KB