NEAS[.]42ef1afaa2217519d872a3174019cf10_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.42ef1afaa2217519d872a3174019cf10_JC.exe
Size

1.2MB
MD5

42ef1afaa2217519d872a3174019cf10
SHA1

1b4eca2f1720669b8b475e22da22083b6cb30ba5
SHA256

c4669ea35cb957a6465bed1bff34d2b8d9a4170ab98e265e7a4dffb628eeadc3
SHA512

00efc6b4f893fb084934e894d2666ac8af007fb78f08d5db8e5fe1d67bd7fc5733f8fce1209c286415dbc1b87059073f06901ba44be07bcea38c86891c5c096d
SSDEEP

12288:0JgeKznl5TXJR0j3p2pVUrrQuLoWTF23JVbd0UILzXSocmKdYNq6:0J7ozX0j52pMkuLoiSJVlIL29mhNq6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.42ef1afaa2217519d872a3174019cf10_JC.exe

Files

NEAS.42ef1afaa2217519d872a3174019cf10_JC.exe
.exe windows:6 windows x86

d976cc32a1f37f03b7dcc151007b9ce8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
SetServiceStatus
AddAccessAllowedAce
FreeSid
GetLengthSid

kernel32

GetCommandLineW
WaitForSingleObject
SetEvent
ConnectNamedPipe
GetTickCount
WriteFile
RegisterApplicationRestart
InitializeCriticalSection
GlobalAlloc
CreateEventA
LeaveCriticalSection
GetOverlappedResult
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
EnterCriticalSection
GlobalFree
ResetEvent
HeapSetInformation
DeleteCriticalSection
CloseHandle
GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep

msvcrt

__setusermatherr
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__p__fmode
_cexit
_exit
__set_app_type
_amsg_exit
__p__commode
_XcptFilter
exit
_beginthreadex
__getmainargs

ws2_32

WSAGetLastError
ioctlsocket
WSAStartup
recvfrom
getaddrinfo
select
htons
WSACleanup
bind
socket
closesocket
__WSAFDIsSet
freeaddrinfo

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d976cc32a1f37f03b7dcc151007b9ce8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ws2_32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB