NEAS[.]216a6f3657913fe80bd7fb2c4b838c70_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.216a6f3657913fe80bd7fb2c4b838c70_JC.exe
Size

161KB
MD5

216a6f3657913fe80bd7fb2c4b838c70
SHA1

4947b238c26ec2d7758363f1cfae7813cf714bcf
SHA256

b2ebb7edcf628f228e5e26baae8e10665e66352d4c78716aedb46811030203f8
SHA512

0d1c68dc08df22a58e5ba4ff432e9c9cde01ae5aed7f6ef4b4ffabc3699bd14178854a08622592c87e95c4ee1854502cc34bbdab2eab03fbe251642cc282bc82
SSDEEP

3072:oC+2dCloGcKVomOwHCSmxpJyyYLzzteHaUgCL7h3ot6lWug30u:P+2dCDmhwHCX7yyE5ezu6lqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.216a6f3657913fe80bd7fb2c4b838c70_JC.exe

Files

NEAS.216a6f3657913fe80bd7fb2c4b838c70_JC.exe
.exe windows:6 windows x86

4962683fea14d8677b27271b978ee1d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

kernel32

SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
CreateFileW
FlushFileBuffers
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
FreeLibrary
HeapSize
EnumSystemCodePagesW
LoadLibraryA
GetProcAddress
Sleep
GetProcessHeap
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
SetEndOfFile
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

resutils

ResUtilGetPrivateProperties
ResUtilGetProperty
ResUtilVerifyPropertyTable
ResUtilSetSzValue
ResUtilFindSzProperty
ResUtilFindDwordProperty

ws2_32

send
WSAAsyncGetProtoByNumber
gethostname
closesocket
setsockopt
WSANtohl

user32

SendInput
LoadKeyboardLayoutA
GetScrollInfo
GetKeyboardLayoutNameA
CharToOemBuffA
SetActiveWindow
GetMenu

mswsock

EnumProtocolsW
sethostname
rcmd
getnetbyname
AcceptEx
NPLoadNameSpaces
MigrateWinsockConfiguration
WSARecvEx

shell32

SHFileOperationW
ShellExecuteA
ExtractIconExA
SHFileOperationA
DragQueryFileA
DoEnvironmentSubstW

pdh

PdhEnumObjectsW
PdhVbGetCounterPathElements
PdhUpdateLogA
PdhOpenQueryW
PdhUpdateLogW

gdi32

CreatePolygonRgn
GetDeviceCaps
ExtCreatePen
GetCharWidthI
GetROP2
GetTextExtentPoint32W
RemoveFontResourceExA
CreateScalableFontResourceA
GdiGetDevmodeForPage

setupapi

SetupDiGetSelectedDriverW
SetupDiInstallDeviceInterfaces
SetupPromptForDiskA
SetupDiOpenDevRegKey
SetupCommitFileQueue
SetupLogErrorW
SetupDefaultQueueCallbackW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
SysAllocString

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4962683fea14d8677b27271b978ee1d5

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

resutils

ws2_32

user32

mswsock

shell32

pdh

gdi32

setupapi

ole32

oleaut32

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 10KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 10KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B