NEAS[.]d7b2561f5d4bfd97349b2fc767e51440_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d7b2561f5d4bfd97349b2fc767e51440_JC.exe
Size

88KB
MD5

d7b2561f5d4bfd97349b2fc767e51440
SHA1

b7a367812890dfcac534adb5fb35b93df9a38c9e
SHA256

c66eaffd87b82adb5b916799fce326374cd248cfe1cf08eeb7c89983ebc54a9b
SHA512

eeb95f70528b81063537474b36abed2159cbf8a61ffdfbbf7c7c041af71a05bc4a3d79db61cdd0a85d4d6d893e4828e38f8db13b01f3886fac3056903095a42e
SSDEEP

768:WwmG84kKcoOkjrfdQB9u3DdWAknmuUTzL0hfmFRpjE4N6LH3pbfBpqI:WRYdLZhbWfmFRpj5NOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d7b2561f5d4bfd97349b2fc767e51440_JC.exe

Files

NEAS.d7b2561f5d4bfd97349b2fc767e51440_JC.exe
.exe windows:4 windows x86

e3cc32fe506e37f960be924e5c3625ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

carclw60

GOL$A87
CARC__DivideByZeroError
GOL$S87
GOL$M5
GOL$D5
GOL$VN_ASCII7_SIGN_TABLE
CARC__CancelDynamicInstance
CARC__StopRun
_CARC__ApplicationMain@8
CARE__ExitProcess
GOL$C87
GOL$587
GOL$COPYDATA
REALIA_FREEMAIN
REALIA_GETMAIN
REALIA_FINDNEXT
REALIA_EXEC_WAIT
REALIA_FINDCLOSE
REALIA_FINDFIRST
REALIA_SET_CURRENT_DIRECTORY
REALIA_GET_CURRENT_DIRECTORY
CARC__EnterInstance
CARC__CallUnderflowError
GOL$COPYFILL
GOL$857
CARC__ExitInstance
CARC__GetDynamicCallAddress

kernel32

GetPrivateProfileStringA
DeleteFileA
WritePrivateProfileStringA
CopyFileA
GlobalMemoryStatus
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetVersionExA
GetSystemInfo
MoveFileA
GetTickCount

user32

CharUpperBuffA

sp2

SP2

e100000a

_900ARDK0@12
_910ARLK0@12
_920ARNK0@12
_930ARPK0@12
_940AOPEN@12
_950AWRTE@12
_960AREWR@12
_970ADELE@12
_980ACLSE@12
_990AUNLK@12
_9A0ARNL0@12
_9B0ASTAT@12
_9C0AGPC0@12
_9D0AFPC0@12
_9F0ARLM0@12
_9G0ARNM0@12

e100000b

_900BRDK0@12
_920BRNK0@12
_930BRPK0@12
_940BOPEN@12
_950BWRTE@12
_960BREWR@12
_970BDELE@12
_980BCLSE@12
_990BUNLK@12
_9A0BRNL0@12
_9B0BSTAT@12
_9C0BGPC0@12
_9D0BFPC0@12
_9F0BRLM0@12
_9G0BRNM0@12
_910BRLK0@12

e100006a

_916ARLK0@12
_926ARNK0@12
_936ARPK0@12
_946AOPEN@12
_956AWRTE@12
_966AREWR@12
_976ADELE@12
_986ACLSE@12
_996AUNLK@12
_9A6ARNL0@12
_9B6ASTAT@12
_9C6AGPC0@12
_9D6AFPC0@12
_9F6ARLM0@12
_9G6ARNM0@12
_906ARDK0@12

e100000r

_940ROPEN@12
_900RRDK0@12
_910RRLK0@12
_920RRNK0@12
_930RRPK0@12
_950RWRTE@12
_960RREWR@12
_970RDELE@12
_980RCLSE@12
_990RUNLK@12
_9A0RRNL0@12
_9B0RSTAT@12
_9F0RRLM0@12
_9G0RRNM0@12

e10000lr

_91LRRLK3@12
_91LRRLK2@12
_91LRRLK1@12
_91LRRLK0@12
_9BLRSTAT@12
_90LRRDK3@12
_90LRRDK2@12
_90LRRDK1@12
_90LRRDK0@12
_9ALRRNL4@12
_91LRRLK4@12
_9ALRRNL2@12
_9ALRRNL1@12
_9ALRRNL0@12
_99LRUNLK@12
_98LRCLSE@12
_97LRDELE@12
_96LRREWR@12
_95LRWRTE@12
_93LRRPK4@12
_93LRRPK3@12
_93LRRPK2@12
_92LRRNK0@12
_92LRRNK1@12
_92LRRNK2@12
_92LRRNK3@12
_92LRRNK4@12
_93LRRPK0@12
_9GLRRNM4@12
_9GLRRNM3@12
_9GLRRNM2@12
_9GLRRNM1@12
_9GLRRNM0@12
_9FLRRLM4@12
_9FLRRLM3@12
_9FLRRLM2@12
_9FLRRLM1@12
_9ALRRNL3@12
_9FLRRLM0@12
_90LRRDK4@12
_93LRRPK1@12

e100000g

_9G0GRNM3@12
_9G0GRNM2@12
_9G0GRNM1@12
_9G0GRNM0@12
_9F0GRLM3@12
_9F0GRLM2@12
_9F0GRLM1@12
_9F0GRLM0@12
_9D0GFPC3@12
_9D0GFPC2@12
_9D0GFPC1@12
_9D0GFPC0@12
_9C0GGPC3@12
_9C0GGPC2@12
_9C0GGPC1@12
_9C0GGPC0@12
_9B0GSTAT@12
_9A0GRNL3@12
_9A0GRNL2@12
_9A0GRNL1@12
_9A0GRNL0@12
_990GUNLK@12
_980GCLSE@12
_970GDELE@12
_960GREWR@12
_950GWRTE@12
_940GOPEN@12
_930GRPK3@12
_930GRPK2@12
_930GRPK1@12
_930GRPK0@12
_920GRNK3@12
_920GRNK2@12
_920GRNK1@12
_920GRNK0@12
_910GRLK3@12
_910GRLK2@12
_910GRLK1@12
_910GRLK0@12
_900GRDK3@12
_900GRDK2@12
_900GRDK1@12
_900GRDK0@12

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RCLID_TE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCLEP_DA
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3cc32fe506e37f960be924e5c3625ee

Headers

File Characteristics

Imports

carclw60

kernel32

user32

sp2

e100000a

e100000b

e100006a

e100000r

e10000lr

e100000g

Sections

.text Size: 64KB - Virtual size: 60KB

RCLID_TE Size: 4KB - Virtual size: 3KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 260B

RCLEP_DA Size: 4KB - Virtual size: 116B

.text
Size: 64KB - Virtual size: 60KB

RCLID_TE
Size: 4KB - Virtual size: 3KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 260B

RCLEP_DA
Size: 4KB - Virtual size: 116B