NEAS[.]3af5f3cc848da874a6ec811c5d08c1e0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3af5f3cc848da874a6ec811c5d08c1e0_JC.exe
Size

3.3MB
MD5

3af5f3cc848da874a6ec811c5d08c1e0
SHA1

ede68bda0dd1722850a47e9b71d6611c9e9f19a6
SHA256

11a22a7a137e7ce8621cdc2097a8ba8333e662e88dd5b5e57de0f52f4f3111cc
SHA512

19008d2c338a8a74d295993ed3eea719ff9ad94a03e480b2ac69c0ce4cff610da4edabe0a569d87cde884447a4a558694e7519fc250f889b7a24b53b5416b78b
SSDEEP

49152:mjB8yXZ9scIJuoAVicoSC457ylTabt6Z1Rcw6iirBJRCK9Z:mt8yXrshbcVCaO9ahK1Rn6ld3Co

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3af5f3cc848da874a6ec811c5d08c1e0_JC.exe

Files

NEAS.3af5f3cc848da874a6ec811c5d08c1e0_JC.exe
.exe windows:5 windows x86

abc48d7d8f2477edaf3cbbf0cd2f8a57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
GetSecurityInfo
RegEnumKeyExA
CryptAcquireContextW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

shell32

ShellExecuteA
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW
ExtractIconExW
SHGetFolderPathW

psapi

GetProcessImageFileNameW

ws2_32

WSAStartup
inet_pton
ntohs
select
sendto
getservbyname
recvfrom
inet_addr
gethostname
ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
__WSAFDIsSet
WSACleanup
WSAIoctl
send
socket
setsockopt
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError

comctl32

ImageList_Destroy
InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

LoadCursorW
FindWindowW
SetWindowLongW
GetWindowLongW
GetWindowRect
SetWindowPos
PrintWindow
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
SystemParametersInfoW
LoadImageW
InvalidateRect
UpdateWindow
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
WaitMessage
PeekMessageW
TranslateMessage
GetMessageW
DestroyIcon
GetCursorPos
MessageBoxW
ReleaseDC
GetDC
SetForegroundWindow
DrawTextW
CharLowerW
SetMenuItemInfoW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
KillTimer
SetTimer
PostQuitMessage
PostMessageW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
GetWindowLongA
GetWindowThreadProcessId
EnumWindows
SendMessageW
RegisterWindowMessageA
PostMessageA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
RaiseException
GetCurrentDirectoryW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
HeapSize
SetConsoleCtrlHandler
GetCommandLineA
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetLocaleInfoEx
FormatMessageA
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
GetTimeZoneInformation
GetProcessHeap
HeapReAlloc
HeapQueryInformation
CreateEventW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetStdHandle
FindFirstFileExW
IsValidCodePage
EnumSystemLocalesW
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RtlUnwind
LoadLibraryExW
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
SystemTimeToFileTime
GetSystemTime
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
GetWindowsDirectoryA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetSystemTimeAsFileTime
CompareFileTime
MoveFileExA
GetSystemDirectoryA
FormatMessageW
SetLastError
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
VirtualQueryEx
GetProcessId
CreateThread
CreateSemaphoreW
ReleaseSemaphore
SetFilePointerEx
GetFileTime
GetFileType
Process32Next
Process32First
SetEndOfFile
GetVolumeInformationA
LoadLibraryW
GetTickCount
MoveFileW
QueryDosDeviceA
LocalFree
GetTempPathA
WriteFile
CloseHandle
GetLastError
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetStdHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetFileAttributesExW
ReleaseMutex
CreateMutexW
GetWindowsDirectoryW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryA
AttachConsole
GetModuleHandleW
MulDiv
VerSetConditionMask
LoadResource
LockResource
SizeofResource
FindResourceW
VerifyVersionInfoW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
HeapSetInformation
GetProcessHeaps
GetCurrentProcess
GetCommandLineW
CreateProcessW
CreateFileW
SetUnhandledExceptionFilter
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
Module32First
Module32Next
K32GetModuleInformation
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
RtlCaptureContext
IsBadReadPtr
IsBadCodePtr
TlsGetValue
TlsSetValue
IsDebuggerPresent
Sleep
TerminateProcess
SwitchToThread
GetLocalTime
GetVersionExW
SleepEx
MoveFileExW
WideCharToMultiByte
TlsAlloc
TlsFree
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
SetEvent
WaitForSingleObjectEx
CreateEventA
WaitForSingleObject
GetUserDefaultUILanguage
CreateDirectoryW
FlushInstructionCache
GlobalMemoryStatusEx
VirtualAlloc
WriteProcessMemory
VirtualFree
InitializeCriticalSection
ResetEvent
WaitForMultipleObjects
TerminateThread
SetWaitableTimer
CreateWaitableTimerA
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSizeEx
ReadFile
RemoveDirectoryW

gdi32

DeleteDC
GetTextMetricsW
CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateFontIndirectW
CreateDIBSection
DeleteObject

winmm

timeBeginPeriod
timeGetTime

dbghelp

SymLoadModule
UnDecorateSymbolName
SymSetSearchPath
SymInitialize
SymSetOptions
MiniDumpWriteDump
SymGetModuleInfo
SymGetSymFromAddr
SymUnDName
SymGetLineFromAddr

crypt32

CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertCloseStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abc48d7d8f2477edaf3cbbf0cd2f8a57

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

psapi

ws2_32

comctl32

version

user32

ole32

kernel32

gdi32

winmm

dbghelp

crypt32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 580KB - Virtual size: 579KB

.data Size: 41KB - Virtual size: 1.1MB

.rsrc Size: 569KB - Virtual size: 568KB

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 580KB - Virtual size: 579KB

.data
Size: 41KB - Virtual size: 1.1MB

.rsrc
Size: 569KB - Virtual size: 568KB

.reloc
Size: 73KB - Virtual size: 72KB