NEAS[.]4ee5cfb68e56a5ba61248ae92c60e8c0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4ee5cfb68e56a5ba61248ae92c60e8c0_JC.exe
Size

212KB
MD5

4ee5cfb68e56a5ba61248ae92c60e8c0
SHA1

50f064a2cb91284130f99637d2756ac07af85b01
SHA256

e3698280ff0c7769c1cdacf302688735cf4ab632989e1312d2a45747e79f5df2
SHA512

b173c595a8f7d66000ae5bf88abc7d411a5af01c5ac2ef73a162199f2f77404654a7f08a9e3e2f3319f5002459cbcb953311641af525f627e077ebeb7240dc4f
SSDEEP

3072:tWLvun+3wdpugco/89ClzK0UPI7Txi9jv19DkRHzM2HOlomD:ALWn+gdpugcok9C9OPI7gGzM+N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4ee5cfb68e56a5ba61248ae92c60e8c0_JC.exe

Files

NEAS.4ee5cfb68e56a5ba61248ae92c60e8c0_JC.exe
.dll windows:6 windows x64

9897a2efd2c27ee50b0ed9d498ccd390

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdi32

InvertRgn
GetMiterLimit
DeleteObject
PtInRegion
RestoreDC
SetStretchBltMode
Ellipse
SetBkColor
MoveToEx
RectInRegion
GetTextColor
SetArcDirection
Polygon
GetViewportExtEx
GetObjectW
SetViewportOrgEx
Rectangle
ExtCreatePen
CreatePen
LineTo
SetBkMode
GetGraphicsMode
EndPath
SetTextColor
GetTextExtentPoint32W
DeleteDC
SetPixelV
OffsetRgn
GetTextAlign
GetPixel
SetPolyFillMode
EqualRgn
CreatePatternBrush
GetTextMetricsW
StrokeAndFillPath
StrokePath
SetViewportExtEx
EnumFontFamiliesW
SetMiterLimit
GetWindowOrgEx
Polyline
CreatePolygonRgn
ArcTo
ExtFloodFill
PathToRegion
SetWindowExtEx
PolyBezier
GetPath
CreateRoundRectRgn
GetCurrentPositionEx
PolyBezierTo
CreateRectRgnIndirect
GetStockObject
CreateEllipticRgnIndirect
SetWindowOrgEx
CreateDCW
ResetDCW
PaintRgn
Chord
CreateHatchBrush
BeginPath
GetStretchBltMode
CreateBrushIndirect
GetTextFaceW
GetTextCharacterExtra
FrameRgn
AbortPath
StretchBlt
SetGraphicsMode
PatBlt
SetPixel
CreateCompatibleDC
FillPath
GetBkMode
Arc
GetWindowExtEx
SelectObject
Pie
SaveDC
PolylineTo
CreateCompatibleBitmap
BitBlt
GetPolyFillMode
SetRectRgn
GetBkColor
CloseFigure
SetMapMode
CreateSolidBrush
CreateBitmap
SetROP2
CreateFontIndirectW
GetCurrentObject
SetTextAlign
CombineRgn
FlattenPath
GetMapMode
GetObjectType
RoundRect
FillRgn
ExtTextOutW
SetTextCharacterExtra
GetRgnBox
WidenPath
GetROP2
GetArcDirection
GetViewportOrgEx

user32

FindWindowW
ScrollWindowEx
LoadIconW
TranslateMessage
TranslateAcceleratorW
BringWindowToTop
SetCapture
DestroyMenu
FlashWindow
CreateAcceleratorTableW
EnumWindows
SetMenu
MoveWindow
IsWindowEnabled
DialogBoxIndirectParamW
GetForegroundWindow
GetSysColor
GetTopWindow
RegisterHotKey
GetDlgItemTextW
DrawFocusRect
SetMenuDefaultItem
CreateIconFromResource
SetDoubleClickTime
FrameRect
GetDoubleClickTime
ValidateRect
SetWindowPlacement
RegisterClassW
SetDlgItemTextW
WindowFromDC
CreateCaret
IsChild
PaintDesktop
EnumPropsExW
PeekMessageW
DestroyAcceleratorTable
SetMenuItemInfoW
DefDlgProcW
ClientToScreen
GetDlgCtrlID
CreateIconIndirect
DestroyIcon
GetMenuDefaultItem
IsDialogMessageW
RedrawWindow
GetCursorInfo
DispatchMessageW
GetCapture
RegisterDeviceNotificationW
InvalidateRgn
IsWindow
ReplyMessage
ShowWindow
GetActiveWindow
GetSubMenu
SetCaretPos
TrackPopupMenu
GetClassLongPtrW
DrawIcon
GetWindowPlacement
WindowFromPoint
GetWindowLongPtrW
WaitMessage
GetScrollInfo
ChildWindowFromPointEx
SetMenuItemBitmaps
SetClassLongPtrW
CreatePopupMenu
DragDetect
SetWindowTextW
UnregisterClassW
EndDialog
GetCursor
SendMessageW
ScreenToClient
DeleteMenu
GetIconInfo
CreateWindowExW
FillRect
HideCaret
CopyIcon
SetWindowRgn
SetWindowLongPtrW
EnumChildWindows
ValidateRgn
GetMenuItemCount
SetActiveWindow
InvertRect
MessageBoxW
SetWindowPos
IsWindowVisible
GetCaretPos
GetDC
DestroyWindow
InsertMenuItemW
GetFocus
SendMessageTimeoutW
GetMenu
GetMenuItemID
GetWindowRect
FindWindowExW
GetWindow
CheckMenuRadioItem
PostMessageW
CallWindowProcW
GetUpdateRgn
LoadMenuW
ModifyMenuW
GetMenuState
CloseWindow
GetSystemMenu
DefWindowProcW
GetMenuItemInfoW
GetMessageW
SetScrollInfo
DrawAnimatedRects
GetWindowTextLengthW
GetWindowLongW
LoadCursorW
GetWindowDC
EnumThreadWindows
InsertMenuW
SetCursor
GetDlgItemInt
RemoveMenu
CheckMenuItem
GetClientRect
GetDlgItem
AppendMenuW
GetClassLongW
GetMenuItemRect
DrawTextW
PostThreadMessageW
DrawIconEx
ShowCaret
PostQuitMessage
GetDesktopWindow
GetSysColorBrush
GetNextDlgGroupItem
CreateDialogIndirectParamW
DestroyCaret
GetClassNameW
SetParent
MessageBeep
DrawMenuBar
EnableMenuItem
DrawEdge
SystemParametersInfoW
SetDlgItemInt
CreateMenu
GetParent
RegisterWindowMessageW
DialogBoxParamW
CascadeWindows
PtInRect
UnregisterDeviceNotification
UpdateWindow
ReleaseCapture
SetForegroundWindow
LoadImageW
InvalidateRect
GetAncestor
IsIconic
ChildWindowFromPoint
ReleaseDC
GetCursorPos
BeginPaint
GetNextDlgTabItem
EndPaint
GetWindowRgn
EnableWindow
GetWindowTextW
SetFocus

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_Remove
ImageList_GetIcon
_TrackMouseEvent
ImageList_LoadImageW
ord17
ImageList_Destroy
ImageList_Replace
ImageList_Create
ImageList_GetImageCount
ImageList_Draw
ImageList_Add
ImageList_SetBkColor
ImageList_ReplaceIcon
InitCommonControlsEx

shell32

DragAcceptFiles
Shell_NotifyIconW
ExtractIconW
ExtractIconExW

python312

PySys_WriteStderr
_Py_TrueStruct
PyEval_CallObjectWithKeywords
PyCallable_Check
PyObject_IsTrue
PyObject_Call
PyErr_Print
PyExc_TypeError
_Py_NewReference
PyDict_DelItem
PyGILState_Ensure
PyObject_CallObject
PyDict_GetItem
PyErr_NoMemory
PyLong_FromVoidPtr
PyMem_Free
PyDict_New
PyDict_SetItem
PyObject_GenericSetAttr
PyTuple_Size
PyErr_Clear
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyUnicode_AsWideCharString
PyUnicode_AsUTF8
PyLong_AsLong
PyErr_Fetch
_PyArg_ParseTuple_SizeT
PyModule_GetDict
PyTuple_GetItem
PyLong_AsUnsignedLongMask
PyExc_PendingDeprecationWarning
_Py_FalseStruct
PyFloat_FromDouble
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_AttributeError
PyEval_RestoreThread
PyLong_AsUnsignedLong
PyErr_Occurred
PyDict_SetItemString
PyTuple_New
PyLong_AsLongLong
PyBytes_AsStringAndSize
PyGILState_Release
PyBytes_FromString
PyExc_MemoryError
PyEval_SaveThread
PyObject_GenericGetAttr
PyLong_FromSsize_t
PyErr_WarnEx
_Py_BuildValue_SizeT
PyBool_FromLong
PySequence_Tuple
PyArg_ParseTuple
PyExc_NotImplementedError
PyBytes_FromStringAndSize
PyList_Append
PyList_New
_Py_Dealloc
PyLong_FromUnsignedLong
PyExc_ValueError
PyErr_SetString
_Py_NoneStruct
Py_BuildValue
PyLong_FromLong

pywintypes312

??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z
?ok@PyWinBufferView@@QEAA_NXZ
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_AsPARAM@@YAHPEAU_object@@PEAVPyWin_PARAMHolder@@@Z
?PyWinObject_AsRECT@@YAHPEAU_object@@PEAUtagRECT@@@Z
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsPOINT@@YAHPEAU_object@@PEAUtagPOINT@@@Z
?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z
?PyWinObject_FromRECT@@YAPEAU_object@@PEAUtagRECT@@@Z
?PyWinObject_AsMSG@@YAHPEAU_object@@PEAUtagMSG@@@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z
?PyHANDLEType@@3U_typeobject@@A
?PyWinObject_FromMSG@@YAPEAU_object@@PEBUtagMSG@@@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_AsSimplePARAM@@YAHPEAU_object@@PEA_K@Z
?PyBuffer_FromMemory@@YAPEAU_object@@PEAX_J@Z
?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z
?PyWinExc_ApiError@@3PEAU_object@@EA
?PyWinObject_AsDEVMODE@@YAHPEAU_object@@PEAPEAU_devicemodeW@@H@Z
?PyBuffer_New@@YAPEAU_object@@_J@Z
??0PyHANDLE@@QEAA@PEAX@Z
??1PyHANDLE@@UEAA@XZ
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
??0PyWinBufferView@@QEAA@XZ
??1PyWinBufferView@@QEAA@XZ
?ptr@PyWinBufferView@@QEAAPEAXXZ
?len@PyWinBufferView@@QEAAKXZ
?PyWinObject_FreeResourceId@@YAXPEA_W@Z
?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_AsDWORDArray@@YAHPEAU_object@@PEAPEAKPEAKH@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
IsBadStringPtrW
IsBadReadPtr
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
SetLastError
IsBadWritePtr
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalFree
RtlCaptureContext
IsProcessorFeaturePresent
GlobalAlloc

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_terminate
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
__current_exception
__current_exception_context
memset

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

wcsncpy
strcmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initialize_narrow_environment

Exports

Exports

DllMain
PyInit_win32gui

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9897a2efd2c27ee50b0ed9d498ccd390

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

comdlg32

comctl32

shell32

python312

pywintypes312

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 860B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 860B

.reloc
Size: 2KB - Virtual size: 1KB