NEAS[.]ebac51b06c07c5e6ae5260642cb8b310_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ebac51b06c07c5e6ae5260642cb8b310_JC.exe
Size

364KB
MD5

ebac51b06c07c5e6ae5260642cb8b310
SHA1

3a78dc2cf8bca3dbc574bd5314444c919d226ae6
SHA256

e90a0e1948e1dd76d2734ee9c0b41384b6fad6760fa7534f9be71a44778e8455
SHA512

95137be8665a84ef78bbbf7b4e2a64cfbdd3a93e7991bfdf5a6620a4f59bac7c4b9667aa6f037a2659bb546e03a164967396cab0b9285e03b1e384d480344c81
SSDEEP

6144:b6B+Sc2uv5xbRSW+T5gK2Q20pxUFEwg5vX/oxsUeBrLFhGIm5:b6B02uhSbtz2QDI61/9UWFhVo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ebac51b06c07c5e6ae5260642cb8b310_JC.exe

Files

NEAS.ebac51b06c07c5e6ae5260642cb8b310_JC.exe
.exe windows:4 windows x86

d721e0ceb72d2d6c91c9359aaa55add9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

storm

ord422
ord423
ord425
ord501
ord578
ord401
ord426
ord403

d2sound

ord10000
ord10001

d2win

ord10205
ord10002
ord10000
ord10174
ord10001
ord10171
ord10036
ord10037

d2gfx

ord10011
ord10027
ord10015
ord10018
ord10020
ord10001

fog

ord10089
ord10019
ord10021
ord10042
ord10043
ord10116
ord10082
ord10218
ord10227
ord10090
ord10143
ord10101

kernel32

SetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetVersion
SetEnvironmentVariableA
CompareStringW
SetEvent
OpenEventA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
GetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
CompareStringA
VirtualFree
HeapCreate
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
IsValidLocale
IsValidCodePage
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapAlloc
InitializeCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
Sleep
LCMapStringA
LCMapStringW
FlushFileBuffers
GetSystemTime
GetLocalTime

user32

MessageBoxA

advapi32

OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
CloseServiceHandle
RegSetValueExA
CreateServiceA
RegEnumValueA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegOpenKeyA
RegCloseKey

d2mcpclient

ord10001

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cms_t
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cms_d
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d721e0ceb72d2d6c91c9359aaa55add9

Headers

File Characteristics

Imports

storm

d2sound

d2win

d2gfx

fog

kernel32

user32

advapi32

d2mcpclient

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 22KB

.cms_t Size: 80KB - Virtual size: 80KB

.cms_d Size: 176KB - Virtual size: 173KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 22KB

.cms_t
Size: 80KB - Virtual size: 80KB

.cms_d
Size: 176KB - Virtual size: 173KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 16KB - Virtual size: 12KB