NEAS[.]b612ed11d1d562fff1bcb2145052cfb0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b612ed11d1d562fff1bcb2145052cfb0_JC.exe
Size

857KB
MD5

b612ed11d1d562fff1bcb2145052cfb0
SHA1

c597b3e2c4fe0fb6a62c21fa33ff527d0f2eb0dd
SHA256

835c495f4e471762b1a66da128ad1879a1464303bd7f5d2c37a4ce7f0a944295
SHA512

305c765f41b323a886eb578e9a529496ed251c8520c5c4a5f6c00d74ff78e9b67b1e65ef3f53b0136a7d204523cf361eb929e434c89a007d623f05e49814a5da
SSDEEP

24576:UPsIGtuuBeTv9FgtPYt57Fp+zuV7WAoS:UPsI5uer9OytR0uVGS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b612ed11d1d562fff1bcb2145052cfb0_JC.exe

Files

NEAS.b612ed11d1d562fff1bcb2145052cfb0_JC.exe
.dll windows:5 windows x86

d9bf62f7ab218af6a5fe5497e9781b5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
OutputDebugStringA
FindResourceW
GetProcAddress
LoadLibraryA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CloseHandle
WriteFile
ReadFile
CreateFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetExitCodeThread
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateEventW
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
SetEndOfFile
WriteConsoleW
SetStdHandle
FlushFileBuffers
LoadResource
FreeLibrary
LockResource
MultiByteToWideChar
GetFileAttributesW
OutputDebugStringW
GetCommandLineW
GetModuleFileNameW
DebugBreak
IsDebuggerPresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetFileType
GetStdHandle
GetACP
HeapAlloc
HeapFree
HeapSize
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
RaiseException
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetLongPathNameW
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
FormatMessageA
FormatMessageW
GetLastError
SizeofResource
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThreadId
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore

user32

MessageBoxA
LoadStringW
MessageBoxW

mmfs2

ord217
ord216
ord209
ord207
ord211
ord219

ws2_32

setsockopt
getsockname
closesocket
WSASocketW
WSAGetLastError
bind
WSAAddressToStringA
ntohs
WSASetEvent
htons
WSAWaitForMultipleEvents
shutdown
WSAStartup
WSACleanup
WSARecvFrom
WSASendTo
WSAIoctl
WSACreateEvent
inet_ntoa
WSAResetEvent
WSACloseEvent

mswsock

TransmitFile

secur32

QueryContextAttributesW
FreeContextBuffer
EncryptMessage
DecryptMessage
AcceptSecurityContext

Exports

Exports

ContinueRunObject
CreateRunObject
DarkEdif_Invalid_Parameter
DestroyRunObject
EndApp
Free
GetDependencies
GetInfos
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
Initialize
LoadObject
PauseRunObject
StartApp
UnloadObject
_DllMain@12

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9bf62f7ab218af6a5fe5497e9781b5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

mmfs2

ws2_32

mswsock

secur32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 21KB - Virtual size: 21KB