NEAS[.]258d03b371ce9f516ee1b80e3efa5530_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.258d03b371ce9f516ee1b80e3efa5530_JC.exe
Size

242KB
MD5

258d03b371ce9f516ee1b80e3efa5530
SHA1

2c9393bffbf4478c123dcf667637040996ef0bc3
SHA256

c2f67f843069d8b59805287f157618754f02f710e74d019600e4d57535c39ffd
SHA512

bb12a1ee281e96d398656ad85b2bc9fa1fd8427ac6a6dfe48dd4995310b26e510b8e6c275ac53429e88c1ba44b610ddb59541e4e9bb464f2de17530ff10a5c32
SSDEEP

3072:XP2ahg/eKqwy6tiijyI2x76lxKdmwR2eK3TFh434RbSZKWIrr85HYCmomvihpaTY:fFg/VqVijpiOkZ2eK34BKr6gihpaPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.258d03b371ce9f516ee1b80e3efa5530_JC.exe

Files

NEAS.258d03b371ce9f516ee1b80e3efa5530_JC.exe
.dll windows:10 windows x86

14ad0cea7e3a036d6fa337ae2c997913

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_vsnwprintf
_initterm
_amsg_exit
malloc
free
_mbscpy
wcsncpy_s
wcsncmp
memmove_s
strrchr
wcsstr
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcscat_s
wcscpy_s
iswspace
iswcntrl
_wcsdup
_wcsicmp
memcpy_s
__CxxFrameHandler3
wcsrchr
wcschr
_XcptFilter
_wcsnicmp
_wsplitpath_s
iswalpha
swscanf_s
_CxxThrowException
_callnewh
_ftol2_sse
_wcsnset
memset

fxsapi

FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxGetSenderInformation
FaxGetReceiptsOptions
FaxConnectFaxServerW
FaxClose
FaxGetPersonalCoverPagesOption
FaxAccessCheckEx

kernel32

ReadFile
ExpandEnvironmentStringsW
GetProcAddress
FreeLibrary
CreateDirectoryW
GetFileAttributesW
MultiByteToWideChar
GetComputerNameW
WideCharToMultiByte
GetLocaleInfoEx
GetUserPreferredUILanguages
SetFilePointer
OutputDebugStringW
GetFileSize
GetVersionExW
GetFullPathNameW
SetEndOfFile
UnmapViewOfFile
CopyFileW
GetFileType
CreateFileMappingW
MapViewOfFileEx
GetCurrentThread
LocalFree
GetModuleFileNameW
FindNextFileW
FindClose
GetLastError
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
OpenMutexW
MapViewOfFile
CreateProcessW
CreateEventW
ReleaseMutex
CreateMutexW
SetEnvironmentVariableW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
MulDiv
SetLastError
WriteFile
GetProfileIntW
QueryPerformanceCounter
GetTempPathW
CreateFileW
DeleteFileW
FindFirstFileW
CloseHandle
GetTempFileNameW
MoveFileW
DisableThreadLibraryCalls
LoadLibraryW
lstrlenA
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetSystemTime
SystemTimeToFileTime

advapi32

OpenProcessToken
ReportEventW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
SetEntriesInAclW
GetSecurityDescriptorOwner
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetTokenInformation
CopySid
IsValidSid
GetLengthSid
OpenThreadToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueW
TraceMessage

winspool.drv

GetPrinterW
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
GetJobW
SetJobW
ClosePrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification

gdi32

GetTextMetricsW
TextOutW
SetBkMode
DeleteObject
SetMapMode
CreateFontIndirectW
StartDocW
EndPage
GetDeviceCaps
CreateDCW
GetTextExtentExPointW
StartPage
SelectObject
GetObjectW
GetStockObject
EndDoc
StretchDIBits
DeleteDC

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
SendMessageW
EndDialog
SetWindowTextW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
GetWindowContextHelpId
EnableWindow
LoadStringW

shell32

SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW
SHSetLocalizedName

mapi32

ord62
ord82
ord140
ord185
ord17
ord75

comdlg32

ChooseFontW

tapi32

lineTranslateDialogW
lineGetTranslateCapsW
lineTranslateAddressW
lineInitializeExW
lineShutdown

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14ad0cea7e3a036d6fa337ae2c997913

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB