NEAS[.]7cb548c0789b2ab0f8ed68d304d597a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7cb548c0789b2ab0f8ed68d304d597a0_JC.exe
Size

232KB
MD5

7cb548c0789b2ab0f8ed68d304d597a0
SHA1

4fd65bbed6ae1d2d9d90c426a620ca7b11ba2049
SHA256

589634cb09a8a46f505243ccb2af4d22fbfe9c4598c6658c81de11f5ee055107
SHA512

7085637fc629cc37b5ee9fbf82a398a2ac0965de08e14115c39fed28a22006d35cc1bd52f069ac30bcc3aeee955fdf5d492636e382b495beff653b25c4e950f5
SSDEEP

3072:1KzeYA/0ibPwHVbr+13yR1FUcDIagtpxxeqovbgBSS0yn7djRUsPSzFUyLHUdNvV:cz6bPwpcaIcoxxeqoqDnZjR9NyL0dNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7cb548c0789b2ab0f8ed68d304d597a0_JC.exe

Files

NEAS.7cb548c0789b2ab0f8ed68d304d597a0_JC.exe
.exe windows:4 windows x86

4eeced273e43e188a786c075e1f9ac62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
CreateEventW
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
ExitThread
WriteFile
SetLastError
GetCurrentThreadId
GlobalAlloc
SetFilePointer
GlobalFree
LocalFree
GetSystemDirectoryW
FindClose
FindFirstFileW
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleW
EnterCriticalSection
GetCurrentProcessId
GetTempPathW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GlobalLock
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
Sleep
OpenEventW
LocalAlloc
OpenMutexW
CreateMutexW
ReleaseMutex
CopyFileW
FileTimeToSystemTime
CreateDirectoryW
SetFileAttributesW
GetProcAddress
ReadFile
FlushFileBuffers
OpenFileMappingW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
GetACP
WaitNamedPipeW
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
RaiseException
VirtualAlloc
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile
CreateFileW
CreateFileMappingW
GetCPInfo
UnmapViewOfFile
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
GetLastError
GetSystemTimeAsFileTime
GetOEMCP

advapi32

GetTokenInformation
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSidLengthRequired
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
GetSecurityDescriptorSacl
InitializeAcl
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

OpenClipboard
EmptyClipboard
GetSystemMetrics
MessageBoxW
CloseClipboard
SetClipboardData

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4eeced273e43e188a786c075e1f9ac62

Headers

File Characteristics

Imports

kernel32

advapi32

imm32

version

user32

shell32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 94KB - Virtual size: 96KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 94KB - Virtual size: 96KB