NEAS[.]cc742c1cbe4d576d7cbb1b61efd6ed00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cc742c1cbe4d576d7cbb1b61efd6ed00_JC.exe
Size

13KB
MD5

cc742c1cbe4d576d7cbb1b61efd6ed00
SHA1

5732bb73ef9030ffb98927f847417e18f8521afe
SHA256

b022967e5012e3e4dc97098f008718a50ba0456dd81262dccbf9001cdaa363c0
SHA512

b57da458f44fc3a68222aff44282f095d8921c96c402036c71d720323dad5d8fefc1a3b2abc231b5f94be15e932767c74c93308e725c19949cbdfd265ea7b82f
SSDEEP

192:IZ6zaR3z8u43fj0OeBas1AR6N+JMwGwhGkrE2q3jQBpCu7izc1EPLPwWuwrW:IZ6zaRDp4v2BasqENaBqduWzPwWbrW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cc742c1cbe4d576d7cbb1b61efd6ed00_JC.exe

Files

NEAS.cc742c1cbe4d576d7cbb1b61efd6ed00_JC.exe
.dll windows:10 windows x64

fed96e5e6b2f5bc0a78a25ee09f27f6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ

msvcrt

??3@YAXPEAX@Z
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-com-l1-1-1

CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter

ztrace_ca

ZTraceReportOriginationNoThis
ZTraceReportPropagation
ZTraceReportOrigination
ZTraceReportPropagationNoThis

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fed96e5e6b2f5bc0a78a25ee09f27f6e

Headers

DLL Characteristics

File Characteristics

Imports

msvcp110_win

msvcrt

ntdll

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

ztrace_ca

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 408B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 408B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 68B