NEAS[.]4cf46d944e1a194b3d15130e8fe8f090_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4cf46d944e1a194b3d15130e8fe8f090_JC.exe
Size

58KB
MD5

4cf46d944e1a194b3d15130e8fe8f090
SHA1

5430c4bed332f15a93cd0edf93ee8ca157919c35
SHA256

3aef49da712e59dca004afa8932f59bfa849599770ca2af8811f092ae61e19fd
SHA512

cbe090b2f1e27982cb8f15d293a5af6f4c9d1eac154f586c270777cea8a1c23e7380d35faaf3ab9768d5c9f7f9911f1126491e3fa71b659d50cc746752a683d5
SSDEEP

768:K19y9qU7NZ0fHJe4JKXG3/u2Uo6ENdRUnXh7zMNDLjVhbVbD+:IMT0fm23/u2UofTRUxsVjbVn+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4cf46d944e1a194b3d15130e8fe8f090_JC.exe

Files

NEAS.4cf46d944e1a194b3d15130e8fe8f090_JC.exe
.exe windows:5 windows x86

12c04d1f3d86b833cceeb3252d2c9e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
ResetEvent
CloseHandle
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent

libav

ord44264
ord44302
ord44306
ord44305
ord44304
ord44313
ord44315
ord44301
ord44310
ord44271
ord44312
ord2
ord1003
ord44208
ord19
ord44206
ord20
ord44207
ord3
ord44337
ord44314
ord44333
ord44341
ord44323
ord44334
ord21
ord44346
ord44209
ord44221
ord44217
ord44311
ord14
ord10
ord44308
ord26
ord44318
ord44309
ord25
ord44303
ord15
ord44344
ord44299
ord44219
ord44307
ord16
ord44214
ord24
ord44342
ord44220
ord44204
ord44321
ord44328
ord44347
ord44324
ord44317
ord27
ord44319
ord44339
ord44340
ord44326
ord30
ord44276
ord44335
ord44218
ord7
ord32
ord44325
ord44329
ord44348
ord44297
ord44298
ord44330
ord44338
ord49
ord9
ord11
ord46
ord18
ord12
ord70
ord6
ord34
ord44331
ord17
ord33
ord13
ord44284
ord8
ord42
ord44286
ord44300

msvcr110

_write
_close
_unlink
_umask
memcmp
_lseek
_strdup
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnprintf
fflush
fgets
_ctime64
_chsize
strncmp
fclose
fopen
memchr
memmove
strncpy
_fstat64i32
calloc
_errno
malloc
exit
_time64
strcat_s
realloc
_setmode
strrchr
_fileno
strcpy_s
fprintf
printf
__iob_func
free
_snprintf_s
sprintf
memset

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12c04d1f3d86b833cceeb3252d2c9e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

libav

msvcr110

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB