NEAS[.]30a3764fed4b99cdd9acf002b59418d0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.30a3764fed4b99cdd9acf002b59418d0_JC.exe
Size

1.1MB
MD5

30a3764fed4b99cdd9acf002b59418d0
SHA1

b5ccb3a53592f2c649b62760051d5f1ff27d56ae
SHA256

eee3937b8d727e5f2c59dd6e2e8c9b139fccf5ed65eec8fc54dcd64e52a3bb20
SHA512

a9e50c053bf263b6aea7d872d9af1432b57cc82ad093b599fe7400206f5d0dfd28e1c440fc84ac050fac13a3a583d18f877ac9e3d415f9c6f4a3cd7af9fd926c
SSDEEP

24576:sz0S3XQnaNsnt18pTOgpLAKDuM9uvIYiA1:sz0S3gDj8p9RcQA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.30a3764fed4b99cdd9acf002b59418d0_JC.exe

Files

NEAS.30a3764fed4b99cdd9acf002b59418d0_JC.exe
.dll windows:5 windows x86

1c47f40ca06a3eeaedb070886492938c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules

kernel32

LoadLibraryExA
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedExchangeAdd
GetModuleHandleW
SetNamedPipeHandleState
WaitNamedPipeA
Sleep
CreateFileA
FlushFileBuffers
GetLongPathNameA
WriteConsoleW
GetConsoleOutputCP
LoadLibraryW
LoadLibraryA
lstrcmpiA
VirtualProtect
WriteProcessMemory
VirtualQuery
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
CloseHandle
DisconnectNamedPipe
ConnectNamedPipe
ReadFile
ResetEvent
GetQueuedCompletionStatus
SetEvent
WriteFile
SetLastError
GetLastError
WaitForSingleObject
GetOverlappedResult
InterlockedIncrement
GetCurrentThreadId
InterlockedExchange
GetSystemTimeAsFileTime
GetProcessHeap
CancelIo
GetSystemInfo
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
GetUserDefaultLangID
GetCurrentProcess
SetWaitableTimer
CancelWaitableTimer
SleepEx
CreateEventA
QueueUserAPC
CreateWaitableTimerA
CreateThread
GetCurrentThread
OpenThread
GetWindowsDirectoryA
CreateFileW
GetVersionExA
ResumeThread
SuspendThread
FlushInstructionCache
IsBadCodePtr
TlsAlloc
VirtualAlloc
VirtualFree
IsBadReadPtr
TlsSetValue
TlsGetValue
ReadProcessMemory
TerminateProcess
GetCurrentDirectoryA
GetStdHandle
AllocConsole
FreeConsole
OutputDebugStringA
LocalFree
SetCurrentDirectoryA
ExpandEnvironmentStringsA
DeleteFileA
GetTickCount
InterlockedDecrement
TerminateThread
RaiseException
CreateSemaphoreA
ReleaseSemaphore
SetEndOfFile
SetFilePointer
MoveFileExA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
GetDiskFreeSpaceExA
WideCharToMultiByte
InterlockedCompareExchange
MultiByteToWideChar
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
GetCPInfo
LCMapStringA
LCMapStringW
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
TlsFree
HeapSize
HeapCreate
HeapDestroy
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

user32

GetKeyState

advapi32

IsTokenRestricted
LookupPrivilegeNameA
EqualSid
InitializeAcl
AddAccessAllowedAce
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameA
IsValidSid
AllocateAndInitializeSid
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegEnumKeyExA
GetLengthSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetTokenInformation
LookupAccountSidA
CopySid
ImpersonateNamedPipeClient
RevertToSelf
GetExplicitEntriesFromAclA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

gethostname

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c47f40ca06a3eeaedb070886492938c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

version

ws2_32

imagehlp

Sections

.text Size: 749KB - Virtual size: 748KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 225KB - Virtual size: 239KB

.tls Size: 512B - Virtual size: 125B

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 749KB - Virtual size: 748KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 225KB - Virtual size: 239KB

.tls
Size: 512B - Virtual size: 125B

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 30KB - Virtual size: 30KB