NEAS[.]3ad876050b701823f042eecf0ad2f4a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3ad876050b701823f042eecf0ad2f4a0_JC.exe
Size

1.4MB
MD5

3ad876050b701823f042eecf0ad2f4a0
SHA1

5183997eb1b870aec74d4d03266745ae2bf9fa4e
SHA256

ce7be4c79fc9aff6e4928484600fef506b25033a7a970f63614e2aff0f6000b3
SHA512

b8f54a709ec71961f00028f2945d6922444ec0fa1c0560b54b3bde1690fcef7ea1ddb5254c1175827e591cfc2246f9c01a7de22b7d2359a6cd3e4c1e72365d1b
SSDEEP

12288:ANhZ6JQTnKdcAjSigcjSVPgfiTbsMtRtjLO+hubU3gYXb1QChhLNsB2:4Z6JQTnKkinOlbsMlPjz3dXhQChtNsB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3ad876050b701823f042eecf0ad2f4a0_JC.exe

Files

NEAS.3ad876050b701823f042eecf0ad2f4a0_JC.exe
.exe windows:5 windows x86

f06e9eb9285dee425507ae86ebe537a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libintl-8

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord7
ord48
ord33
ord21
ord140
ord15
ord14
ord122
ord121
ord120
ord4
ord156
ord68
ord75
ord91
ord90
ord130
ord70
ord67
ord76
ord69
ord77
ord72
ord34
ord45
ord126
ord64
ord113

kernel32

DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SleepEx
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
SetEnvironmentVariableA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetConsoleCtrlHandler
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
WaitForSingleObject
ReadFile
CloseHandle
DuplicateHandle
CreatePipe
CreateProcessA
GetCurrentDirectoryA
GetStdHandle
GetConsoleMode
SetConsoleMode
GetProcAddress
GetModuleHandleA

advapi32

SetTokenInformation
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAceEx
GetUserNameA
GetTokenInformation

msvcr120

strncmp
strstr
isupper
fflush
getenv
realloc
memset
fputc
_pclose
_errno
strerror
strncpy
isalpha
islower
toupper
tolower
fwrite
sprintf
strchr
strrchr
isdigit
_dclass
fclose
fgets
fopen
fputs
strcspn
_putenv
setlocale
memcpy
_stat32
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
malloc
free
abort
_unlink
__iob_func
memmove
_getcwd
exit

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f06e9eb9285dee425507ae86ebe537a8

Headers

DLL Characteristics

File Characteristics

Imports

libintl-8

libpq

kernel32

advapi32

msvcr120

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB