NEAS[.]b3a81fb0d9a41d8cb00bc62272621180_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b3a81fb0d9a41d8cb00bc62272621180_JC.exe
Size

5.0MB
MD5

b3a81fb0d9a41d8cb00bc62272621180
SHA1

009cf0519d9ae0727d635eccda2f912dda471ec0
SHA256

b4c173bf7f49fb891140d39fe14d843f597e4c11bdb890b7664d3c1251f547c6
SHA512

e7d9e23b1321718fc00c090291858cec0df88db7b155e3e0016bd70bdd7430869d19257dbdb76c39438b7e109c28ec3d02b9a891e350b0a3cbfc0e3340ba977f
SSDEEP

49152:9F1qA6UZ3JJHv92/HbjLbMLnuMhLf3CEAohe0No1W:9qvw3jHVC3IuILf39AoHow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b3a81fb0d9a41d8cb00bc62272621180_JC.exe

Files

NEAS.b3a81fb0d9a41d8cb00bc62272621180_JC.exe
.exe windows:4 windows x86

476cbd80afd84fb8fb9410e3544fa11a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectA
GetDIBits
GetStockObject
GetDeviceGammaRamp
CreateFontA
GetGlyphOutlineA
SetPaletteEntries
SelectPalette
RealizePalette
CreatePalette
SetDIBColorTable
CreateDIBSection
GetPixel
SetPixel
SetTextColor
SetBkMode
GetTextExtentPoint32A
CreateFontIndirectA
GetTextMetricsA
DeleteDC
CreateCompatibleDC
AddFontResourceA
RemoveFontResourceA
DeleteObject
SetDeviceGammaRamp
SelectObject
BitBlt

advapi32

FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
AllocateAndInitializeSid
RegOpenKeyA

user32

DestroyAcceleratorTable
SetMenu
GetClassLongA
GetMenu
DestroyMenu
ClipCursor
RegisterClassA
SetRect
LoadMenuA
EnumDisplaySettingsA
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
SetCursor
CharNextExA
GetWindowTextA
wsprintfA
GetKeyState
SendMessageA
GetWindow
IsWindow
FindWindowA
SetFocus
ShowWindow
GetWindowLongA
GetIconInfo
CreateWindowExA
DestroyWindow
SetWindowTextA
GetFocus
CallWindowProcA
SetCursorPos
ClientToScreen
ScreenToClient
GetCursorPos
MessageBoxA
UpdateWindow
SetWindowPos
GetClientRect
GetDesktopWindow
AdjustWindowRect
PostMessageA
GetWindowThreadProcessId
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
PeekMessageA
RegisterHotKey
LoadAcceleratorsA
GetActiveWindow
CheckRadioButton
SetWindowLongA
EnableWindow
GetDC
ReleaseDC
DialogBoxParamA
IsDlgButtonChecked
GetSystemMetrics
GetDlgItem
EndDialog
GetWindowRect
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
MoveWindow
SetForegroundWindow

imm32

ImmGetCompositionStringA
ImmGetContext
ImmSetOpenStatus
ImmReleaseContext
ImmSetConversionStatus

kernel32

GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
GetOEMCP
IsValidLocale
GetCPInfo
GetFileType
SetHandleCount
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
IsValidCodePage
GetSystemTimeAsFileTime
WideCharToMultiByte
Sleep
InterlockedExchange
lstrlenA
Beep
GetTickCount
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
IsDebuggerPresent
WaitForSingleObject
OpenProcess
GetLastError
CreateMutexA
CreateDirectoryA
SetCurrentDirectoryA
WinExec
SetFilePointer
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetUnhandledExceptionFilter
DeleteFileA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetSystemDirectoryA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
lstrcmpA
IsDBCSLeadByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FlushInstructionCache
FlushViewOfFile
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ReleaseSemaphore
FreeEnvironmentStringsA
GetExitCodeThread
TerminateThread
SetThreadPriority
lstrcpynA
lstrcatA
UnhandledExceptionFilter
GetStdHandle
lstrcpyA
MulDiv
_lwrite
VirtualProtect
LoadLibraryExA
FormatMessageA
LocalFree
GetTimeFormatA
GetDateFormatA
ResetEvent
SetEvent
CreateEventA
FindNextFileA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapSize
TlsGetValue
TlsFree
TlsAlloc
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStringTypeA
ExitThread
TlsSetValue
CreateThread
GetSystemTime
GetTimeZoneInformation
GetStartupInfoA
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RaiseException
RtlUnwind
QueryPerformanceCounter
QueryPerformanceFrequency
SuspendThread
ResumeThread
ExitProcess
GetCurrentThread
GetWindowsDirectoryA
GlobalFree
GlobalAlloc
GlobalMemoryStatus
GetModuleFileNameA
SetLastError
GetVersion
Module32First
Module32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
OutputDebugStringA
HeapFree
GetSystemInfo
IsProcessorFeaturePresent
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
GetFullPathNameA
lstrcmpiA
HeapAlloc
GetProcessHeap

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

sendto
recvfrom
WSAGetLastError
closesocket
WSAStartup
WSACleanup
bind
htons
gethostbyname
inet_ntoa
WSASocketA
setsockopt
WSAIoctl
shutdown
WSACreateEvent
getsockname
connect
getpeername
accept
getsockopt
WSASend
WSARecv
listen
WSACloseEvent
WSAGetOverlappedResult
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
inet_addr
socket
ntohs

dsound

ord11

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
mmioAdvance
mmioRead
mmioAscend
mmioOpenA
mmioClose
timeGetTime
mmioWrite
timeSetEvent
timeKillEvent
mmioDescend

ddraw

DirectDrawCreateEx

ole32

CoUninitialize
CoInitialize

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476cbd80afd84fb8fb9410e3544fa11a

Headers

File Characteristics

Imports

gdi32

advapi32

user32

imm32

kernel32

shell32

ws2_32

dsound

version

winmm

ddraw

ole32

d3d9

iphlpapi

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 361KB - Virtual size: 361KB

.data Size: 302KB - Virtual size: 2.9MB

.rsrc Size: 39KB - Virtual size: 38KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 361KB - Virtual size: 361KB

.data
Size: 302KB - Virtual size: 2.9MB

.rsrc
Size: 39KB - Virtual size: 38KB