NEAS[.]698da22780ed95d0bcfb7a66476a9360_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.698da22780ed95d0bcfb7a66476a9360_JC.exe
Size

646KB
MD5

698da22780ed95d0bcfb7a66476a9360
SHA1

74f83f83c8bb09bc08cdd44551ea82517c6f1466
SHA256

53273722c1d2266dea7eb373610c4f1faa43819cf9ba5f8675b1f9a28ee8ec64
SHA512

c34191cfdd982e38e63571d27e7ab5cdfbdb483bca0bbececa8e1eb6592298217ab828ec6a7f2bebf1a57fbe2bd61eb21468a52bbe8a66dd38ba620b96c01139
SSDEEP

12288:I8v+o+ArAsLzPstZxR7PNlgtvxP/hwfL8uf3t6g8TzO8XIrM+AiDi1j8IKRLTxlk:Cd6Y8XIrM+AiDi1j8IKRLTxlyj6YMBba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.698da22780ed95d0bcfb7a66476a9360_JC.exe

Files

NEAS.698da22780ed95d0bcfb7a66476a9360_JC.exe
.dll regsvr32 windows:6 windows x86

c3472eab52356b6d1b3cfcc16debe4c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryExA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
FreeLibrary
GetConsoleCP
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetModuleFileNameW
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
InitializeCriticalSection
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
WriteFile
GetStdHandle
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
HeapSize
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
DecodePointer
EncodePointer
CloseHandle

user32

GetSystemMetrics
GetDlgItem
EndDialog
SetWindowTextA
MoveWindow
SendMessageA
GetWindowTextA
SetWindowTextW
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowRect
GetWindowTextW
DialogBoxParamA

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegCloseKey

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc

msjet40

ord193
ord912
ord187
ord188
ord139
ord119
ord106
ord127
ord113
ord102
ord160
ord122
ord171
ord131
ord175
ord141
ord145
ord165
ord161
ord121
ord910
ord911
ord115
ord321
ord104
ord109
ord120
ord316
ord152
ord114
ord134
ord174
ord309
ord318
ord151
ord132
ord170
ord155
ord173
ord128
ord142
ord137
ord101
ord118
ord112
ord153
ord185
ord162
ord147
ord103
ord178
ord154
ord191
ord107
ord136
ord169
ord130
ord176
ord311
ord803
ord802
ord804
ord801
ord133
ord146
ord312
ord304
ord310
ord317
ord315
ord302
ord158
ord126
ord138
ord56
ord906
ord908
ord156
ord159
ord172
ord167
ord179
ord108
ord163
ord124
ord116
ord184
ord907
ord909
ord196
ord140
ord148
ord195
ord110
ord319
ord144
ord157
ord123

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
VariantCopy
VariantInit
GetErrorInfo
SysStringByteLen
SetErrorInfo

msjter40

ord5
ord3
ord2
ord4

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3472eab52356b6d1b3cfcc16debe4c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msjet40

oleaut32

msjter40

Exports

Exports

Sections

.text Size: 303KB - Virtual size: 303KB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 159KB - Virtual size: 159KB

.text
Size: 303KB - Virtual size: 303KB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 159KB - Virtual size: 159KB