NEAS[.]ab11ef76a8775ca847f67e6838e40490_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ab11ef76a8775ca847f67e6838e40490_JC.exe
Size

140KB
MD5

ab11ef76a8775ca847f67e6838e40490
SHA1

ee2f388f0288af5c2f3e7c2dfef03c0b02d6da4d
SHA256

3b849f83585eb48941871d28d45824bf774e0437ae4abae3fdc9f3099e3b73c0
SHA512

1956768749c582646d4f365cd6fcb184e2b3e6ed653927f628a352b6d76b842c46647cb56f98a4dd21c1bf24e0c9ad8bb691ca163b8f1ae9a30deaccf4d6be00
SSDEEP

1536:VJ+LxJJN+czgnqj1kmsdp4uX6X+n5j3hAqK6W2ulQEgzr5Z4DAWLHw:Vi/yGgnqS9dpX6OrK6W5lQ3zrkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ab11ef76a8775ca847f67e6838e40490_JC.exe

Files

NEAS.ab11ef76a8775ca847f67e6838e40490_JC.exe
.exe windows:4 windows x86

7f09d2251ccee322d69fe0034b6cba70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
htonl
htons
bind
WSAGetLastError
sendto
recvfrom
ntohs
inet_ntoa
closesocket
socket
setsockopt
getsockopt
WSAStartup
WSACleanup

kernel32

GetVersionExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetCurrentDirectoryW
GetTimeZoneInformation
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetFileSize
WriteFile
SetFilePointer
lstrcpyW
GetModuleFileNameW
CloseHandle
UnmapViewOfFile
CopyFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateFileW
lstrlenW
GetPrivateProfileSectionW
lstrcatW
CreateDirectoryW
GetLastError
MapViewOfFile
CreateFileMappingW
ReadFile
MoveFileExW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetLocalTime
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetFullPathNameW
GetCurrentDirectoryA
GetProcAddress
TerminateProcess
GetCurrentProcess
VirtualQuery
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetOEMCP

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f09d2251ccee322d69fe0034b6cba70

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 48KB - Virtual size: 47KB