NEAS[.]85185f122ebda4e4943f420e99682a00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.85185f122ebda4e4943f420e99682a00_JC.exe
Size

634KB
MD5

85185f122ebda4e4943f420e99682a00
SHA1

72c8ebcbd453dbe8824bb35f8da1e5a6e358d67c
SHA256

a4db2a6e9283e8827bac5a24988ad2b9f5a1b440c9e9dac98329723575e17651
SHA512

fb859d3e9d258303befe57e93e80fd7b196458d50df7fbf38fed91168121735afb8402b715951404f8c72ffaf42024f42f439827e9f109810d2a0cc888ddf054
SSDEEP

12288:nC+w2M0reUEPOgu2QPvDAGVqZAPiSTE/dR4SBDgjC/sR8PEm8knCIezCdqe3dExM:nY2M0aXOiQHDAGVuaEFR4ZO9tezCDtEi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.85185f122ebda4e4943f420e99682a00_JC.exe

Files

NEAS.85185f122ebda4e4943f420e99682a00_JC.exe
.exe windows:6 windows x86

1bfee7ad524341ddeeb0a0412fa9518c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAPoll
WSAGetLastError
WSACleanup
WSAStartup
gethostname
ntohl
socket
shutdown
setsockopt
send
select
recv
ntohs
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
gethostbyname
sendto
recvfrom
__WSAFDIsSet

kernel32

CreateThread
GetTickCount64
ResumeThread
SetThreadAffinityMask
CreateEventA
SetEvent
GetCurrentProcessId
OpenProcess
GetProcessAffinityMask
SetProcessAffinityMask
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetThreadPriority
SetThreadPriority
ResetEvent
CreateMutexW
CreateSemaphoreA
ReleaseSemaphore
TlsSetValue
GetSystemDirectoryA
TlsGetValue
WriteConsoleW
GetLocalTime
Sleep
GetSystemTimeAsFileTime
VerSetConditionMask
GetLastError
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
SuspendThread
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
GetConsoleScreenBufferInfo
GetThreadContext
SetThreadContext
TlsAlloc
TlsFree
SwitchToThread
GetModuleHandleA
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
LoadLibraryW
CreateFileW
GetStdHandle
GetFileType
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
SendARP

vcruntime140

__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
memmove
longjmp
_setjmp3
memchr
strchr
memset
memcpy
strstr
__vcrt_LoadLibraryExW

api-ms-win-crt-stdio-l1-1-0

fopen
fclose
_set_fmode
fseek
__acrt_iob_func
fflush
putc
fread
__p__commode
__stdio_common_vsprintf_s
_close
_fileno
ftell
fwrite
__stdio_common_vfscanf
_chsize
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
fopen_s
_wfopen
fputws
__stdio_common_vsscanf
fgetc
__stdio_common_vsprintf
feof
ferror
_fseeki64
_ftelli64
setvbuf
_get_osfhandle
_setmode
freopen

api-ms-win-crt-string-l1-1-0

isalpha
_strnicmp
strncmp
_stricmp
isprint
strncpy
tolower
isalnum
_strdup
strcpy_s
strpbrk
strtok
strcat_s
_strlwr
isdigit
isspace

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

__p___argc
_execute_onexit_table
_c_exit
_crt_atexit
_getpid
_crt_at_quick_exit
_exit
_register_onexit_function
_initterm_e
_controlfp_s
_initterm
_get_initial_narrow_environment
terminate
_set_app_type
_errno
__p___argv
_endthreadex
_set_errno
_get_errno
_beginthreadex
exit
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_exe
signal
_seh_filter_dll
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
strerror
_wassert
abort
_cexit

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtoll
_itoa
wcstombs
atol
atof

api-ms-win-crt-time-l1-1-0

_ftime64
_time64
_wutime64

api-ms-win-crt-utility-l1-1-0

bsearch
qsort
rand

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcat_s

api-ms-win-crt-math-l1-1-0

_except1
_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_sqrt_precise
__setusermatherr
_dclass
_libm_sse2_sin_precise
_libm_sse2_cos_precise
modf
__libm_sse2_exp
lround
__libm_sse2_log
__libm_sse2_cosf
frexp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-filesystem-l1-1-0

_wrename
_fstat64
_wstat64
_wunlink
_wchmod

Sections

.text
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bfee7ad524341ddeeb0a0412fa9518c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

iphlpapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 495KB - Virtual size: 494KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 9KB - Virtual size: 10KB

.idata Size: 8KB - Virtual size: 7KB

.00cfg Size: 512B - Virtual size: 270B

_RDATA Size: 14KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 495KB - Virtual size: 494KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 9KB - Virtual size: 10KB

.idata
Size: 8KB - Virtual size: 7KB

.00cfg
Size: 512B - Virtual size: 270B

_RDATA
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB