NEAS[.]be7da65f087cfe36ab0b519d01074220_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.be7da65f087cfe36ab0b519d01074220_JC.exe
Size

1.4MB
MD5

be7da65f087cfe36ab0b519d01074220
SHA1

44d0b4f57e341fc7f435f4f11ef4535810e8303d
SHA256

3222ea5e74a5a1e96fd0d63eee425e35f374823a0f9a546648da2b387471ed99
SHA512

0fb6621ae4b6a3689c7d768d4acaf4acbb3b411cf1e07e7d393a808d5c4967c2e97b9944acd2df062e249f18b80262fd942af63628e119673d342ad08301e7b5
SSDEEP

24576:EUpKcgXvTi8T/T5Czu00/f1AEolWlUZfI/QRqBb1wRS:9prAriCT5ou0u1AEoUOfO8kwRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.be7da65f087cfe36ab0b519d01074220_JC.exe

Files

NEAS.be7da65f087cfe36ab0b519d01074220_JC.exe
.exe windows:5 windows x86

d0d6f00da63b6a87e1e57ba94d795b1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
StringFromGUID2
OleUninitialize
OleInitialize
OleRun
OleSetContainedObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

shell32

ShellExecuteExA
SHGetFolderPathW
FindExecutableA
Shell_NotifyIconA
SHGetFolderPathA

wininet

InternetCrackUrlA
InternetTimeFromSystemTime
InternetGetConnectedState
InternetTimeToSystemTime

user32

SetFocus
SetRect
GetWindowThreadProcessId
RegisterClassExA
GetFocus
GetAncestor
GetSystemMenu
GetWindowRect
GetParent
GetClientRect
SendMessageA
MessageBoxW
IsChild
CharNextA
DispatchMessageW
RegisterClassA
LoadImageA
GetSystemMetrics
DispatchMessageA
PostMessageA
AppendMenuA
CreatePopupMenu
ShowWindow
MsgWaitForMultipleObjectsEx
GetCursorPos
DefWindowProcA
IsWindowUnicode
PeekMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
TranslateMessage
SetForegroundWindow
TrackPopupMenu
PostQuitMessage
GetMessageW
GetMessageA
DestroyWindow
DefWindowProcW
SetWindowTextW
LoadCursorA
EnableWindow
AdjustWindowRectEx
CreateWindowExW
SetWindowPos
GetDesktopWindow
SetWindowLongW
EnableMenuItem
ReleaseDC
GetWindowLongW
RegisterClassExW
GetDC
GetClassInfoExW

kernel32

ExitThread
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
AreFileApisANSI
ExitProcess
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapAlloc
IsProcessorFeaturePresent
HeapFree
CreateDirectoryW
GetFullPathNameW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
SetStdHandle
HeapReAlloc
GetCPInfo
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
lstrcmpA
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DecodePointer
DeleteCriticalSection
FindResourceA
FreeLibrary
LoadResource
GetCommandLineA
WideCharToMultiByte
SizeofResource
SetDllDirectoryA
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
CreateMutexA
CloseHandle
lstrlenA
WaitForSingleObject
FormatMessageA
GetExitCodeProcess
LocalFree
DeleteFileA
TlsGetValue
CreateFileA
SetEvent
WriteFile
Sleep
CreateEventA
OpenEventA
GetSystemTime
GetTempPathA
ResetEvent
WaitForMultipleObjects
CreateThread
SystemTimeToFileTime
FileTimeToSystemTime
MulDiv
LocalAlloc
GetCurrentThreadId
FormatMessageW
GetLocalTime
GetCurrentProcessId
GetNativeSystemInfo
GetCurrentProcess
GetModuleHandleExW
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
MoveFileExA
GetTickCount
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
LockResource
SetEndOfFile
SetFilePointerEx
GlobalFree
TerminateProcess
PeekNamedPipe
SetHandleInformation
CreateProcessA
ReadFile
CreatePipe
GetModuleHandleExA
LoadLibraryW
LoadLibraryExW
OpenThread
GetExitCodeThread
ReleaseMutex
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
EncodePointer
IsDebuggerPresent
OutputDebugStringW
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileInformationByHandle
ReadConsoleW
SetEnvironmentVariableA
lstrcpynA
GetStringTypeW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA

oleaut32

SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
VariantCopy
VariantInit
VariantChangeType
SysStringByteLen
GetErrorInfo

shlwapi

ord12

gdi32

GetStockObject
GetDeviceCaps

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertCloseStore
CryptMsgGetParam
CryptProtectData
CryptUnprotectData

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

winhttp

WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData

msi

ord158
ord115
ord137
ord67
ord189
ord117
ord160
ord168
ord31
ord91
ord159
ord8
ord204
ord44
ord141

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0d6f00da63b6a87e1e57ba94d795b1a

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

kernel32

advapi32

oleaut32

shlwapi

gdi32

comctl32

wintrust

crypt32

version

winhttp

msi

Sections

.text Size: 511KB - Virtual size: 511KB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 109KB - Virtual size: 108KB

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 511KB - Virtual size: 511KB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 109KB - Virtual size: 108KB

.reloc
Size: 604KB - Virtual size: 608KB