NEAS[.]1e8f3bddb06ac004dfba9d59807b3e50_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1e8f3bddb06ac004dfba9d59807b3e50_JC.exe
Size

1.4MB
MD5

1e8f3bddb06ac004dfba9d59807b3e50
SHA1

6294fb73c97b8d09246cf9b315f805922f977fd0
SHA256

e8c6ea331f46f7aa6a4518f1e48d9e0cc8816840a907dec08c5f9f12c0f9fad9
SHA512

47dfbf42578031e10ebfb6895234893abe7449c14ace58695c59b9caea8ccb18f9a34b327136131dbf393c50f40b632aed6faf8d9b15f75d3c64383ebca129a2
SSDEEP

24576:D0J77QDjuFkuJnqe4qRQhQePCd9l6kf/a69rjEkOI2Y:AJ774fc5CoEkOI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1e8f3bddb06ac004dfba9d59807b3e50_JC.exe

Files

NEAS.1e8f3bddb06ac004dfba9d59807b3e50_JC.exe
.dll windows:6 windows x86

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_ftol2_sse
_wcsnicmp
_callnewh
free
_mbscpy
memcpy
wcsstr
wcscat_s
_wcsdup
??0exception@@QAE@XZ
__CxxFrameHandler3
wcsncpy_s
strrchr
wcscpy_s
iswspace
iswcntrl
wcsncmp
_CxxThrowException
_wcsicmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_wsplitpath_s
iswalpha
swscanf
malloc
_XcptFilter
_wcsnset
memset
wcsrchr
wcschr
_vsnwprintf

fxsapi

FaxAccessCheckEx
FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxConnectFaxServerW
FaxGetPersonalCoverPagesOption
FaxGetReceiptsOptions
FaxClose
FaxGetSenderInformation

kernel32

GetVersionExW
GetComputerNameW
lstrlenW
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
CreateDirectoryW
GetFileAttributesW
ReadFile
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetModuleFileNameW
SetFilePointer
GetFileSize
OutputDebugStringW
SetEndOfFile
UnmapViewOfFile
GetFullPathNameW
MapViewOfFileEx
CreateFileMappingW
CopyFileW
GetCurrentThread
LocalFree
SetLastError
MulDiv
FindFirstFileW
GetLastError
FindNextFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
OpenMutexW
CreateMutexW
CreateEventW
SetEnvironmentVariableW
WaitForMultipleObjects
ReleaseMutex
CreateProcessW
MapViewOfFile
VirtualAlloc
VirtualFree
InterlockedCompareExchange
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
lstrlenA
GetTempFileNameW
GetTickCount
LoadLibraryW
DisableThreadLibraryCalls
CreateFileW
WriteFile
CloseHandle
MoveFileW
DeleteFileW
GetProfileIntW
GetTempPathW
GetFileType

advapi32

RegQueryValueW
GetTraceEnableFlags
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
GetTokenInformation
ReportEventW
GetTraceEnableLevel
GetTraceLoggerHandle
IsValidSid
GetLengthSid
CopySid
RegisterTraceGuidsW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
UnregisterTraceGuids
TraceMessage

winspool.drv

FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
GetJobW
SetJobW
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter

gdi32

CreateDCW
GetObjectW
StartDocW
EndDoc
GetDeviceCaps
EndPage
StartPage
SetMapMode
DeleteObject
TextOutW
GetTextExtentExPointW
GetTextMetricsW
SetBkMode
SelectObject
GetStockObject
DeleteDC
StretchDIBits
CreateFontIndirectW

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
InvalidateRect
UpdateWindow
EndDialog
CheckDlgButton
GetWindowContextHelpId
BeginPaint
EndPaint
SetWindowTextW
LoadStringW
SendMessageW
IsDlgButtonChecked
GetDlgItem
EnableWindow

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName
SHGetFolderPathW
ShellExecuteExW

mapi32

ord62
ord17
ord140
ord75
ord82
ord185

comdlg32

ChooseFontW

tapi32

lineInitializeExW
lineSetCurrentLocation
lineGetTranslateCapsW
lineTranslateAddressW
lineShutdown
lineTranslateDialogW

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 432KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 151KB - Virtual size: 151KB

.text
Size: 432KB - Virtual size: 432KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 151KB - Virtual size: 151KB