NEAS[.]716e299c1058c9f2030f31bc7270a210_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.716e299c1058c9f2030f31bc7270a210_JC.exe
Size

51KB
MD5

716e299c1058c9f2030f31bc7270a210
SHA1

2a7b6715ced494c3e95b6dce913340d3a489b1b2
SHA256

d40b3a86bae289649183341f4965bd340cd0c78a91e394c3b801986b5a0e34e8
SHA512

a94e5bee59864df3b679d6d546fe785bdc327fe27700e3c6a84b76adea17bd3ca3a711abc116959df9fce5c0368c7752f684f406990c39fcc8a74dc5c739ce02
SSDEEP

768:5nSiE+uLIrp4wmkhox0CyNWMJ6ZIPPsXatk9iaA+zcYZ+UMMNJlJPNeJlv+KqNV+:WNMywJhoGC4tkY2/Z+Uz1hEPy/923

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.716e299c1058c9f2030f31bc7270a210_JC.exe

Files

NEAS.716e299c1058c9f2030f31bc7270a210_JC.exe
.dll windows:10 windows x64

19953bad9e865506657f7ac10353ec33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_callnewh
wcsstr
memcpy_s
_purecall
malloc
free
_onexit
_errno
realloc
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_CxxThrowException
wcsncpy_s
memset
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

SetUnhandledExceptionFilter
ReleaseActCtx
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
FindResourceExW
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
QueryActCtxW
CreateActCtxW
InitializeCriticalSection
ActivateActCtx
LoadLibraryW
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
RaiseException
DeactivateActCtx
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
OutputDebugStringA
FindActCtxSectionStringW
lstrlenW
lstrlenA

advapi32

RegCloseKey
RegCreateKeyExW
GetTraceEnableFlags
RegQueryInfoKeyW
GetTraceLoggerHandle
RegDeleteValueW
UnregisterTraceGuids
RegSetValueExW
RegisterTraceGuidsW
TraceMessage
RegEnumKeyExW
GetTraceEnableLevel
RegOpenKeyExW

oleaut32

VarUI4FromStr

shell32

ord18
SHCreateItemInKnownFolder
ord155
SHGetIDListFromObject
ShellExecuteExW

user32

UnregisterClassA
SetMenuDefaultItem
InsertMenuW
LoadStringW
CharNextW
CharLowerW

api-ms-win-core-com-l1-1-1

IIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19953bad9e865506657f7ac10353ec33

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

oleaut32

shell32

user32

api-ms-win-core-com-l1-1-1

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 264B