NEAS[.]eb93f1fa7f74787e6787044deb585800_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.eb93f1fa7f74787e6787044deb585800_JC.exe
Size

3.4MB
MD5

eb93f1fa7f74787e6787044deb585800
SHA1

1d8b6354d065f79bd42bf8819f4b6a92e12c8a4c
SHA256

e80e476e68bb58ef3f0932f9f8b7e1c95fba6ebe19c92932051ef3fb4e130b92
SHA512

bcb797f89d6782467e51470c69d330df62b2975890f6350d34928603fdd522c6090d548d5fb242b62ec6184c9348769ef0795d136c347931ad5bcf2f40173a9b
SSDEEP

98304:V9JoKVeVnA9JdjX4RHjnUxz9gSDt6EwkDNZBqqq3ipvgk:V9mGbX4RHQxZgSZFw+NTqlwvg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.eb93f1fa7f74787e6787044deb585800_JC.exe

Files

NEAS.eb93f1fa7f74787e6787044deb585800_JC.exe
.dll regsvr32 windows:5 windows x86

493b508821581f21e590efe97a4819bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrlenA
GetModuleHandleW
FreeLibrary
LoadResource
lstrcpynA
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
FindResourceW
MultiByteToWideChar
IsDebuggerPresent
LoadLibraryW
GetProcAddress
GetSystemTime
SetThreadPriority
InterlockedExchange
GetVersionExW
OutputDebugStringW
GetCommandLineW
lstrlenW
GetTickCount
CloseHandle
FlushFileBuffers
Sleep
ExitProcess
GetCurrentProcessId
CreateEventW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
InterlockedDecrement
SizeofResource
InterlockedIncrement
WriteConsoleW
SetStdHandle
GetStringTypeW
GetConsoleCP
LCMapStringW
GetConsoleMode
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapReAlloc
GetProcessHeap
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
SetEvent
ResetEvent
InitializeCriticalSection
CreateMutexW
LocalFree
LocalAlloc
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
OpenProcess
GetCurrentProcess
TerminateProcess
SystemTimeToFileTime
CompareFileTime
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
CreateFileW
GetFileSize
ReadFile
WriteFile
CreateDirectoryW
FindClose
DeleteFileW
RemoveDirectoryW
MoveFileExW
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetComputerNameW
RtlUnwind
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
ExitThread
GetStdHandle
GetModuleHandleExW
HeapSize
SetLastError
UnhandledExceptionFilter

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
FindWindowW
CharNextW
GetMessageA
DispatchMessageA
TranslateMessage
GetMessageW
wsprintfW
CharLowerBuffW
wvsprintfW
IsWindowUnicode

advapi32

CryptAcquireContextW
CryptHashData
CryptGetHashParam
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
CryptDestroyHash
CryptReleaseContext
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
GetUserNameW
CryptCreateHash

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
StringFromIID
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

ws2_32

gethostbyname
getsockname
send
recv
accept
listen
__WSAFDIsSet
htons
inet_ntoa
ntohs
select
WSAStartup
socket
shutdown
setsockopt
closesocket
connect
bind

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW
UuidEqual
UuidCreate

shell32

ShellExecuteExW
SHGetFolderPathW

shlwapi

StrStrIW
StrToIntExW

winhttp

WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 887KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

493b508821581f21e590efe97a4819bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

rpcrt4

shell32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 887KB - Virtual size: 896KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 887KB - Virtual size: 896KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 40KB - Virtual size: 39KB