NEAS[.]1e3dc86c4fd587fc5d9a7962c26ac560_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1e3dc86c4fd587fc5d9a7962c26ac560_JC.exe
Size

6.5MB
MD5

1e3dc86c4fd587fc5d9a7962c26ac560
SHA1

5f09877b361aa0f674a50d013eff602d2158a713
SHA256

e2566e89cd2a3ac6457ff853ed33b91262039f4501649eac71f00d179ed746a9
SHA512

8da0c24012469469e7a7ebfbeadb9363a0b8347afc8c39bc6ee6ca1c9668f2d89c000416e203c93067a1cd69f9c8fd9855d9becf1f4f582d4cf1f4dc17e0d2d8
SSDEEP

49152:SmLNwqlBGSGjrSSWrujR5ot29hn7kKFdni3nyp0zTYunb9x6WIjtwMY1pPltYci2:2TZytulmGxzjqYJKhi/Zdo3FYzPy+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1e3dc86c4fd587fc5d9a7962c26ac560_JC.exe

Files

NEAS.1e3dc86c4fd587fc5d9a7962c26ac560_JC.exe
.exe windows:6 windows x64

c77054101974ecfce11653b0be816e40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
CloseHandle
Sleep
GetTickCount
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexA
GetCurrentProcess
IsWow64Process
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetModuleHandleW
lstrcmpiW
GetComputerNameW
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
WakeAllConditionVariable
GetCurrentThread
GetUserPreferredUILanguages
GetTickCount64
GetLogicalDrives
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFileInformationByHandleEx
DeleteFileW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SwitchToThread
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeConditionVariable
GetFileInformationByHandle
DuplicateHandle
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
FormatMessageW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFileInformationByHandle
CopyFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
VirtualQueryEx
GlobalMemoryStatusEx
PostQueuedCompletionStatus
LoadLibraryExA
RtlVirtualUnwind
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
GetEnvironmentVariableA
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
MoveFileExA
CreateFileA
GetFileSizeEx
ReadFile
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
IsProcessorFeaturePresent
InitializeSListHead
UnhandledExceptionFilter

ntdll

NtDeviceIoControlFile
NtCancelIoFileEx
NtResumeThread
NtQueryInformationThread
NtSetInformationThread
RtlGetCurrentPeb
NtQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
NtReadFile
NtWriteFile
NtCreateFile
RtlNtStatusToDosError

pdh

PdhAddEnglishCounterW
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhGetFormattedCounterValue

advapi32

SystemFunction036
RegEnumKeyExW
CryptGenRandom
GetUserNameW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
LookupAccountSidW
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegCloseKey

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFreeCertificateChain
CryptUnprotectData
CertOpenStore
CertFindExtension
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CertGetCertificateChain
CryptStringToBinaryA
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertFreeCertificateChainEngine
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext

iphlpapi

GetIfTable2
GetIfEntry2
GetAdaptersAddresses
FreeMibTable

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetLocalGroups
NetUserGetInfo

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW

gdi32

StretchBlt
CreateDCW
GetDeviceCaps
DeleteObject
GetObjectW
GetDIBits
DeleteDC
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ole32

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ws2_32

htons
WSAWaitForMultipleEvents
send
getsockname
WSARecv
recv
getpeername
WSACleanup
WSAStartup
shutdown
getaddrinfo
WSASocketW
bind
socket
setsockopt
ioctlsocket
WSASend
WSAIoctl
connect
closesocket
WSAGetLastError
recvfrom
listen
select
htonl
accept
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
__WSAFDIsSet
ntohs
getsockopt
WSASetLastError
WSACreateEvent
freeaddrinfo
WSACloseEvent

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
GetPerformanceInfo

powrprof

CallNtPowerInformation

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
SysStringLen
GetErrorInfo

vcruntime140

__current_exception
__C_specific_handler
memchr
strstr
strrchr
__current_exception_context
strchr
memcmp
memmove
__CxxFrameHandler3
memset
memcpy

api-ms-win-crt-string-l1-1-0

wcslen
strspn
strcspn
isupper
strncpy
strcmp
strpbrk
_strdup
strlen
strcpy
tolower
strncmp

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
_msize
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

pow
log
__setusermatherr
_dclass

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
_crt_atexit
_beginthreadex
_register_onexit_function
_set_app_type
__sys_nerr
_errno
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_endthreadex
terminate
_wassert
_initialize_onexit_table
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_initialize_narrow_environment
abort
_get_initial_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
strtoll
wcstombs

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
fclose
_read
__stdio_common_vsscanf
fwrite
fputs
_write
_close
feof
fopen
__stdio_common_vsprintf
fseek
_open
ftell
fread
fgets
__acrt_iob_func
_lseeki64
fputc
fflush

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_gmtime64
strftime

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_stat64
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c77054101974ecfce11653b0be816e40

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

ntdll

pdh

advapi32

wininet

crypt32

iphlpapi

netapi32

user32

gdi32

ole32

shell32

ws2_32

bcrypt

psapi

powrprof

oleaut32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 27KB - Virtual size: 30KB

.pdata Size: 123KB - Virtual size: 123KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 27KB - Virtual size: 30KB

.pdata
Size: 123KB - Virtual size: 123KB

.reloc
Size: 49KB - Virtual size: 49KB