NEAS[.]5e72d33b80162ebe4bfd3ec4d75a4dc0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5e72d33b80162ebe4bfd3ec4d75a4dc0_JC.exe
Size

386KB
MD5

5e72d33b80162ebe4bfd3ec4d75a4dc0
SHA1

d95089e565aa5207fffa5f87e64ee1dc7daca2ee
SHA256

20ea7a8f922be18d0d17a70046a0412d5b209d37cafa612c485cb6659a9195e4
SHA512

49e8f2234815c0f6a1b413e4188312549b07384b17d08ec36fd388a4263b6f92906c9650bc8f16c2aae4849c80892919913d85cec0c8bfbc581f86ea1d3225f0
SSDEEP

12288:7oK3bnT8CzwAxafWXTstYrly4uhZtLPuNcxQXH:8K3bnTieXTsNuNx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5e72d33b80162ebe4bfd3ec4d75a4dc0_JC.exe

Files

NEAS.5e72d33b80162ebe4bfd3ec4d75a4dc0_JC.exe
.dll windows:6 windows x86

5b07cd4d4a4d92ca801936bbc5d1a0d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcpynA
lstrcpyA
lstrcatA
lstrlenA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
InitializeSListHead
GetModuleFileNameA
GetSystemDirectoryA
DeleteCriticalSection
LeaveCriticalSection
GetTickCount
EnterCriticalSection
InitializeCriticalSection
GetLastError
OutputDebugStringA
GetCurrentDirectoryA
GetCurrentProcessId
SetCurrentDirectoryA

user32

wsprintfA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
strstr
strrchr
strchr
_purecall
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy
memcmp
memchr
__std_terminate
_CxxThrowException
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_set_invalid_parameter_handler
_cexit
terminate
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

_strlwr
strtok_s
isdigit
_strnicmp
isalpha
strncmp
isalnum
isxdigit
tolower
toupper
isupper
wcsncpy
_stricmp
strncat
isspace
strlen
strcmp
wcscpy_s

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsscanf

api-ms-win-crt-time-l1-1-0

_mktime64
_time64
_difftime64
_localtime64
_gmtime64

api-ms-win-crt-multibyte-l1-1-0

_mbsstr

api-ms-win-crt-convert-l1-1-0

atoi

Exports

Exports

PlugInMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b07cd4d4a4d92ca801936bbc5d1a0d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

version

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 108B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 246KB - Virtual size: 248KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 108B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 246KB - Virtual size: 248KB