NEAS[.]dd6620d1e9e7cb3570527c84e4e51820_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.dd6620d1e9e7cb3570527c84e4e51820_JC.exe
Size

1.4MB
MD5

dd6620d1e9e7cb3570527c84e4e51820
SHA1

8f48299f9dfa45425c4f23d526bd9dd2b623d144
SHA256

fea6fe682bab34e4361cd22a860767dcdf3a130cfa02dcb1178320a0e57fb984
SHA512

baf2d65ef6ff3e913005a2ee5f24efc8c2447899b20244339d1d7953828a09ed7ed05a914f013cfd078f905399030ba49dbc5aaccfd381c5e4089be5bee5a8e6
SSDEEP

12288:2L376JESnKdcAjSigcjSVPgfiTbsMtRtjLO+hubU3gYXb1QChhLNsB2:W76JESnKkinOlbsMlPjz3dXhQChtNsB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.dd6620d1e9e7cb3570527c84e4e51820_JC.exe

Files

NEAS.dd6620d1e9e7cb3570527c84e4e51820_JC.exe
.exe windows:5 windows x86

b4be9f3d0535b7fcee6b26cebb2a1167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libintl-8

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord48
ord33
ord21
ord140
ord15
ord14
ord122
ord121
ord120
ord4
ord156
ord68
ord75
ord91
ord90
ord130
ord70
ord67
ord76
ord69
ord77
ord64
ord72
ord34
ord45
ord126
ord113

kernel32

DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepEx
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
SetEnvironmentVariableA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetConsoleCtrlHandler
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
WaitForSingleObject
ReadFile
CloseHandle
DuplicateHandle
CreatePipe
CreateProcessA
GetCurrentDirectoryA
GetStdHandle
GetConsoleMode
SetConsoleMode
GetProcAddress
GetModuleHandleA

advapi32

SetTokenInformation
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAceEx
GetTokenInformation

msvcr120

strncmp
strstr
isupper
realloc
memset
fputc
_pclose
_errno
getenv
strerror
strncpy
isalpha
islower
toupper
tolower
fwrite
sprintf
memmove
strchr
isdigit
_dclass
fclose
fflush
fgets
fopen
fputs
strcspn
_putenv
setlocale
memcpy
_stat32
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
malloc
free
_unlink
exit
strrchr
_getcwd
__iob_func
abort

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4be9f3d0535b7fcee6b26cebb2a1167

Headers

DLL Characteristics

File Characteristics

Imports

libintl-8

libpq

kernel32

advapi32

msvcr120

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB