NEAS[.]86ad9ea4a02ed9815d4b55199f798510_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.86ad9ea4a02ed9815d4b55199f798510_JC.exe
Size

1.6MB
MD5

86ad9ea4a02ed9815d4b55199f798510
SHA1

1a9fdf1c801f61b820a3739c88b484bed1722e2a
SHA256

8924c0f8e19d5a8595b4cc2e29224091a1dbaf40e56dcdfd1d8e52f17cbc77c3
SHA512

4161b8be1e5850d257790c095f8f11a5d74248160ed1265b9cbea43d442a2c5f471405fdb2d9484103b3ab274962741caad19a05a3f306051248224a3d1ceaf5
SSDEEP

24576:1BQvXTQ3O5obCqyU7vPRQ/MqKVaAHG+JsBFA+Gue1rRLb:1BQQRRcAmIgGr1rV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.86ad9ea4a02ed9815d4b55199f798510_JC.exe

Files

NEAS.86ad9ea4a02ed9815d4b55199f798510_JC.exe
.dll windows:10 windows x86

cfe2fd3f80d5f9d5bb1cfe9d3751d588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

msvcrt

qsort
wcsncmp
swscanf_s
_wtoi
_snwscanf_s
_wcslwr
_wcsupr
wcsnlen
_ultow_s
wcscat_s
swprintf_s
iswspace
wcsrchr
wcscpy_s
towupper
_wcsnicmp
_vscwprintf
bsearch
_wcsicmp
memset
strncmp
memcpy
memcmp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
fclose
ldiv
memcpy_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
_vsnwprintf
wcsstr
_wfopen
fwprintf
wcstoul
memmove
memmove_s
wcschr

ntdll

RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlFindAceByType
RtlSetControlSecurityDescriptor
NtQueryInformationProcess
NtQueryInformationFile
NtSetSecurityObject
NtEnumerateBootEntries
NtOpenDirectoryObject
NtQueryDirectoryObject
NtTranslateFilePath
NtQueryBootEntryOrder
NtResetEvent
NtOpenFile
NtCreateEvent
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtDeviceIoControlFile
NtQuerySystemInformation
ZwResetEvent
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwCreateEvent
NtAdjustPrivilegesToken
NtOpenThreadTokenEx
RtlImpersonateSelf
NtSetInformationThread
NtOpenProcessTokenEx
LdrGetDllHandle
LdrGetProcedureAddress
RtlInitAnsiString
ZwAllocateUuids
RtlSetOwnerSecurityDescriptor
ZwOpenKey
ZwQueryKey
RtlCreateSecurityDescriptor
RtlLengthSid
ZwEnumerateKey
ZwDeleteKey
RtlAllocateAndInitializeSid
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwSetSecurityObject
RtlLengthSecurityDescriptor
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
RtlSetDaclSecurityDescriptor
RtlFreeSid
RtlCreateAcl
ZwCreateKey
ZwUnloadKey
RtlAppendUnicodeToString
ZwQueryAttributesFile
ZwOpenFile
ZwClose
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
RtlGUIDFromString
RtlFreeUnicodeString
ZwQuerySystemInformation
RtlStringFromGUID
NtQueryValueKey
NtOpenKey
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
RtlDowncaseUnicodeChar
RtlCompareMemory
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
NtClose
NtCreateFile
NtWaitForSingleObject
RtlNtStatusToDosError
NtSetInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlAdjustPrivilege
RtlGetVersion
RtlInitUnicodeString
ZwDeviceIoControlFile

kernel32

FormatMessageW
LeaveCriticalSection
GetExitCodeProcess
GetFileAttributesW
ReadFile
GetModuleFileNameW
GetTimeZoneInformation
CreateFileW
CompareStringW
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
GetSystemDefaultLocaleName
DisableThreadLibraryCalls
ResetEvent
LocalAlloc
IsWow64Process
CreateEventW
GetProductInfo
WaitForMultipleObjects
IsDebuggerPresent
GetUserDefaultUILanguage
DeleteCriticalSection
GetCurrentThreadId
GetDiskFreeSpaceExW
CloseHandle
LocalFree
GetSystemTime
CreateThread
GetTickCount64
Sleep
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetSystemPowerStatus
InitializeCriticalSectionAndSpinCount
LoadLibraryW
WideCharToMultiByte
GetProcessHeap
GetModuleHandleW
OutputDebugStringW
SetEvent
WaitForSingleObject
GetModuleHandleExW
CreateDirectoryW
HeapFree
SetEnvironmentVariableW
GetSystemWindowsDirectoryW
GetLogicalDriveStringsW
TlsGetValue
TlsFree
TlsAlloc
RemoveDirectoryW
GlobalMemoryStatusEx
GetVolumeInformationByHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReleaseSemaphore
GetSystemInfo
DuplicateHandle
OpenProcess
UnlockFileEx
LockFileEx
DeleteFileW
GetVolumeInformationW
InitializeCriticalSection
GetOverlappedResult
SetEndOfFile
GetHandleInformation
WriteFile
GetFileSizeEx
VirtualFree
VirtualAlloc
GetCurrentThread
GetSystemDirectoryW
GetFileSize
HeapReAlloc
SetErrorMode
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetPrivateProfileSectionW
GetPrivateProfileStringW
SetFileAttributesW
GetFileInformationByHandle
FindNextFileW
DeviceIoControl
FindClose
GetTempPathW
SetFilePointerEx
GetCurrentProcess
LoadLibraryExW
HeapAlloc
SystemTimeToTzSpecificLocalTime
CreateProcessW
FreeLibrary
GetSystemDefaultUILanguage
FlushFileBuffers
FindFirstFileW
GetFullPathNameW
ExpandEnvironmentStringsW
VirtualQuery
GetDriveTypeW
GetEnvironmentVariableW
TlsSetValue
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GetTempFileNameW
GetNativeSystemInfo
GetLocaleInfoW
MultiByteToWideChar
GetVersionExA
GetVersionExW
GetSystemDefaultLCID
GlobalFree
ExitProcess
RaiseException
GetLocalTime
HeapSize
HeapDestroy

advapi32

RegUnLoadKeyW
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RevertToSelf
RegDeleteKeyW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetThreadToken
DuplicateTokenEx
OpenThreadToken
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
OpenProcessToken
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetAclInformation
RegSetValueExW
RegCloseKey
RegLoadKeyW
RegOpenKeyExW
RegSetKeySecurity
RegEnumValueW
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyW

oleaut32

SystemTimeToVariantTime
SysFreeString
SysAllocString

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW
I_RpcMapWin32Status

slc

SLGetWindowsInformationDWORD

netapi32

NetGetJoinInformation
NetApiBufferFree

user32

UnregisterClassA
CharNextW
GetSystemMetrics
CharUpperW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash

Exports

Exports

CreateSetupObject

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfe2fd3f80d5f9d5bb1cfe9d3751d588

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

oleaut32

rpcrt4

slc

netapi32

user32

setupapi

version

bcrypt

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 15KB - Virtual size: 17KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 199KB - Virtual size: 200KB

.reloc Size: 51KB - Virtual size: 50KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 15KB - Virtual size: 17KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 199KB - Virtual size: 200KB

.reloc
Size: 51KB - Virtual size: 50KB