NEAS[.]44f5bf12b9401bd846da987a5897c320_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe
Size

1.3MB
MD5

44f5bf12b9401bd846da987a5897c320
SHA1

14affd6bfd65cc42a5ba63fe3565b04c442befbd
SHA256

168b6f5290b4597c9906d53224cee5ddda5489c4f1062fd6bb94f9c31bf081c1
SHA512

54683940232e946451b3b22d5dca3f95f93f42521120903c1c7f982c04e72da47a37d5302de4fd0edc37f182b4a95fc4685680984841442e007def37dcb760c8
SSDEEP

24576:Z9ypVnBJhpRCSK1nwHI7njknrk+ctdTavxxaLIdJBV1Ls2wBP:Z9U2P14OIn4FT6xxaLsJBV1Ls2wB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe

Files

NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe
.exe windows:4 windows x64

772da25c0d67ccf845a71ea867164f51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memmove
fseek
fread
fclose
ftell
memcpy
log10
_wfopen
wcslen
wcscpy
wcscmp
wcscat
memcmp
_strdup
sprintf
free
longjmp
_setjmp
_wcsdup
strcpy
_wcsicmp
wcsncmp
wcsncpy
_snwprintf
tolower
fabs
malloc
ceil
floor
pow
??3@YAXPEAX@Z
setlocale
swscanf
wcsstr
_wcsnicmp
realloc
_errno
calloc
fopen
toupper
perror
atan
fprintf
log
cos
sin
ldexp
qsort
exp
sqrt
exit
acos
frexp
memchr
modf
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
__iob_func
getenv
sscanf
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
strrchr
strpbrk
strtoul
_time64
_strtoi64
fgets
fputs
atoi
isspace
isdigit
_stricmp
_strnicmp
_read
_write
fputc
isalnum
_stat64
isupper
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
OpenProcess
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
VirtualProtectEx
HeapDestroy
ExitProcess
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetCurrentProcess
VirtualQueryEx
Process32FirstW
Process32NextW
GetLastError
TerminateProcess
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
GetCurrentThread
DuplicateHandle
CreateSemaphoreW
CreateThread
ReleaseSemaphore
LeaveCriticalSection
WaitForMultipleObjects
Sleep
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
PeekNamedPipe
ReadFile
HeapReAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetTickCount
WideCharToMultiByte
CreateFileW
DeleteFileW
WriteFile
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalFree
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetDriveTypeW
GetFileAttributesW
SetFilePointer
GetFileSize
HeapSize
MulDiv
TlsFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA

user32

GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetAsyncKeyState
GetKeyboardState
ShowWindow
SendMessageW
SetClassLongPtrW
RedrawWindow
GetDesktopWindow
GetWindow
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
FindWindowW
GetKeyNameTextW
MapVirtualKeyW
PeekMessageW
RegisterHotKey
UnregisterHotKey
MessageBoxW
DefWindowProcW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
IsWindowVisible
EnumWindows
SetWindowPos
BeginPaint
EndPaint
SetWindowTextW
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetParent
GetDC
InflateRect
ReleaseDC
GetWindowDC
GetWindowRect
GetIconInfo
InvalidateRect
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
ScreenToClient
GetClientRect
FillRect
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetWindowLongW
SetScrollInfo
GetScrollPos
MoveWindow
GetScrollRange
MapWindowPoints
ClientToScreen
GetFocus
GetClassNameW
EnumPropsExW
SetActiveWindow
DestroyIcon
RegisterClassW
AdjustWindowRectEx
GetMenu
IsZoomed
DefFrameProcW
EnumChildWindows
PostMessageW
GetActiveWindow
MsgWaitForMultipleObjects
GetKeyState
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
GetCursorPos
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePatternBrush
GetStockObject
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateDCW
DeleteDC
CreateCompatibleDC
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateFontW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

ShellExecuteExW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
SysAllocString
VariantInit
DispGetParam
VariantClear
SysStringLen

Sections

.code
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

772da25c0d67ccf845a71ea867164f51

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

wsock32

winmm

gdiplus

uxtheme

comctl32

oleaut32

Sections

.code Size: 144KB - Virtual size: 143KB

.text Size: 679KB - Virtual size: 679KB

.rdata Size: 124KB - Virtual size: 123KB

.pdata Size: 36KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 48B

.data Size: 302KB - Virtual size: 316KB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 144KB - Virtual size: 143KB

.text
Size: 679KB - Virtual size: 679KB

.rdata
Size: 124KB - Virtual size: 123KB

.pdata
Size: 36KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 48B

.data
Size: 302KB - Virtual size: 316KB

.rsrc
Size: 73KB - Virtual size: 73KB