NEAS[.]484a2938c8a429e46a12618ed0e1b400_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.484a2938c8a429e46a12618ed0e1b400_JC.exe
Size

423KB
MD5

484a2938c8a429e46a12618ed0e1b400
SHA1

00aca6b3e62151f0f7fe86124644569c6910dc22
SHA256

d0a16f13938d51a219d824ceeea1c0672bf651cc841e48ae8c9db55af4afd8e6
SHA512

327259df4dc10cb58dfa526c5640952478af230baf43138e557ae101be77a6962d83a8ae7daeb902813c0ffcc16fe05deeda5c5658e344b1b7eb1a8c0531db5c
SSDEEP

12288:THxxSa0L6VWd6dWBT6DGeJHnKqScfqnu:THxUaw6VWdm0T6DGeFKqScf+u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.484a2938c8a429e46a12618ed0e1b400_JC.exe

Files

NEAS.484a2938c8a429e46a12618ed0e1b400_JC.exe
.dll windows:4 windows x86

7088b1998348bdd42b6fdeb300ebee50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
MultiByteToWideChar
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReadFile
GetProcAddress
GetDriveTypeW
CreateDirectoryW
GetDriveTypeA
GetFileAttributesA
GetFileAttributesW
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
GetVersionExA
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetVersion
CreateFileW
Sleep
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemInfo
GetVersionExW
GetComputerNameA
GetLastError
GetCurrentProcessId
OutputDebugStringA
WideCharToMultiByte
GetTickCount
SetEndOfFile
WriteFile
HeapFree
HeapAlloc
MoveFileA
DeleteFileA
DeleteFileW
MoveFileW
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
RtlUnwind
GetConsoleCP
GetConsoleMode
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize
GetLocaleInfoA

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA
SetNamedSecurityInfoW
SetNamedSecurityInfoA

Exports

Exports

ATM3CheckTemplateType
ATM3MatchImageToTemplateList

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7088b1998348bdd42b6fdeb300ebee50

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 327KB - Virtual size: 327KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 45KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 327KB - Virtual size: 327KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 45KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB