NEAS[.]d86c23eb7e65f7adbc575c328108ab70_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d86c23eb7e65f7adbc575c328108ab70_JC.exe
Size

5.4MB
MD5

d86c23eb7e65f7adbc575c328108ab70
SHA1

727267733561252503bfe7a8bf847b7d7a43f548
SHA256

6ae7cd245ebaebe65213353010e485419d69ec7b4a5f04b52957576e6001e920
SHA512

a4f1a6a92052b2dad016ec7639557336515ba402832505f94c3f211079ca3dc045ab82cdc7dedcf434bc3e3aad2ddce8ad3682572d7685f1c5061c52940498c3
SSDEEP

98304:htLK3TDhtvS0Hpe4zbpaAKQkroGIK23ft:4TnvjeApaAvkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d86c23eb7e65f7adbc575c328108ab70_JC.exe

Files

NEAS.d86c23eb7e65f7adbc575c328108ab70_JC.exe
.exe windows:6 windows x64

fab403a881d1d6b1eefa16116bfb261c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
ConvertStringSidToSidW
RegSetKeySecurity
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptImportKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegEnumKeyExW
GetTokenInformation
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegOpenKeyW
RegCreateKeyW

kernel32

RegisterWaitForSingleObject
CreateTimerQueue
CreateTimerQueueTimer
GetModuleHandleExW
UnregisterWaitEx
DeleteTimerQueue
DecodePointer
DeleteTimerQueueEx
EncodePointer
FileTimeToSystemTime
CreateMutexW
OpenMutexW
ReleaseMutex
GetTickCount
CreateSemaphoreW
ExpandEnvironmentStringsW
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
QueueUserWorkItem
GetCurrentProcessId
OpenProcess
WriteFile
GetFileAttributesW
SetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
GetFileSizeEx
GetSystemInfo
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
CreateEventW
GetModuleHandleA
lstrcmpiW
GetPrivateProfileStringW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetSystemDirectoryW
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryW
FreeLibrary
Sleep
GetVersionExW
WaitForSingleObject
SetEvent
InitializeCriticalSection
GetVersion
VirtualProtect
VirtualAlloc
SetLastError
VirtualFree
GetLocalTime
DeleteFileW
FlushFileBuffers
CopyFileW
MoveFileExW
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExA
WideCharToMultiByte
GetSystemTime
GetComputerNameW
DeviceIoControl
ReleaseSemaphore
HeapSetInformation
LeaveCriticalSection
EnterCriticalSection
DeleteTimerQueueTimer
GetCurrentThreadId
LocalFree
DeleteCriticalSection
SetThreadPriority
GetThreadPriority
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetLastError
OpenThread
CloseHandle
LocalAlloc
GetProcessHeap
HeapFree
HeapAlloc
lstrlenW
LCMapStringW

msvcrt

_vscwprintf
__setusermatherr
time
srand
rand
_itow
_ui64tow
memcmp
_wtoi
free
malloc
memset
memcpy
_wtof
_vsnwprintf
memmove
swscanf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp
_wcsnicmp
_purecall
sscanf
wcschr
_wcsicmp

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate
RpcRevertToSelfEx
RpcImpersonateClient
RpcRaiseException
RpcMgmtStopServerListening
RpcServerUnregisterIf
I_RpcMapWin32Status
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcServerListen
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
NdrServerCallAll
NdrServerCall2

ntdll

NtQueryObject
RtlInitUnicodeString
RtlEqualUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInstallFunctionTableCallback
RtlDeleteFunctionTable
RtlFreeHeap
RtlAllocateHeap

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fab403a881d1d6b1eefa16116bfb261c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

ole32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 460KB - Virtual size: 460KB

.pdata Size: 73KB - Virtual size: 73KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 584KB - Virtual size: 588KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 460KB - Virtual size: 460KB

.pdata
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 584KB - Virtual size: 588KB