NEAS[.]396854bd1885883aeb5deccb257742a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.396854bd1885883aeb5deccb257742a0_JC.exe
Size

624KB
MD5

396854bd1885883aeb5deccb257742a0
SHA1

6af5a9afcc478c0aa589d89537d220df59f8f415
SHA256

ce23394066bfacf0458b5d1a46f141df08c8a1bc0f0e778fd0712b5f8990047f
SHA512

4599b9ab97a3dc7a5d463bf5a8d0e6e8b2edb846083f81c7090e514b5ab8e72e1ce41edf0852d4c7eb36323c7475153cff9932297f4d2b062fe5c32173e67da4
SSDEEP

12288:veKOuJfE8919yMNolH1pXU0F4j25YuGy3Dz85vd2Tv7ehTLYff61Vm4Ov/pfV7v6:XOsfj919yMNolH1pXU0F4j25YuGy30k6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.396854bd1885883aeb5deccb257742a0_JC.exe

Files

NEAS.396854bd1885883aeb5deccb257742a0_JC.exe
.exe windows:4 windows x86

a304323e2c47a94af08f867ea313d002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
recv
send
setsockopt
connect
listen
socket
bind
WSAStartup
getservbyname
gethostbyname
inet_addr
WSACleanup
select
WSAGetLastError
__WSAFDIsSet
accept
closesocket
inet_ntoa
ntohs
ntohl

ch10tmats

set_input_file_type
process_tmats_packet
iGoto
iOpen
iRead
iClose
iSize

processsymboltable

ScanAndSkipHeader

mfc80

ord266
ord548
ord4044
ord6205
ord262
ord1482
ord259
ord6703
ord299
ord6118
ord1489
ord2272
ord911
ord907
ord4109
ord3934
ord865
ord2322
ord304
ord297
ord6288
ord764
ord1187
ord1185
ord747
ord559
ord3174
ord3255
ord5331
ord6297
ord2346
ord1181
ord5320
ord6286
ord1580
ord762
ord1206
ord265
ord781
ord2902
ord2131
ord784
ord876
ord1439
ord5403
ord5323
ord2468
ord2903
ord578
ord629
ord5089
ord384
ord310

msvcr80

__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_amsg_exit
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
free
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_read
_write
_errno
_swab
realloc
system
floor
memcmp
fmod
fwrite
atof
pow
_stricmp
_close
tolower
strtod
strtoul
qsort
_access
strncpy
toupper
strtol
wctomb
_mbccpy
_mbsstr
_mbclen
_mbsncmp
_mbschr
_strnicmp
memcpy_s
memmove_s
memmove
isdigit
_time64
_stat64i32
_chdir
_getcwd
strncmp
exit
__iob_func
fflush
perror
setbuf
_strupr
strtok
strrchr
_strerror
strncat
strcmp
atoi
_fullpath
sscanf
fprintf
_stat64
strcat
strcpy
fopen
feof
fgets
strlen
memcpy
fclose
memset
sprintf
printf
__p__fmode
calloc
_open
_mbsnbcmp

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
DisableThreadLibraryCalls
LoadLibraryA
GetProcAddress
TerminateProcess
ResetEvent
SetThreadPriority
GetCommandLineA
GetModuleHandleA
CreateProcessA
FreeLibrary
CreateThread
WaitForMultipleObjects
InterlockedDecrement
SetEvent
GetTickCount
Sleep
lstrcpyA
EnterCriticalSection
CreateFileA
SetFilePointer
WriteFile
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FormatMessageA
LocalFree
GetLastError
ReleaseMutex
TryEnterCriticalSection
WaitForSingleObject
GlobalFree
CloseHandle
DeleteCriticalSection
CreateEventA
CreateMutexA
InitializeCriticalSection
GlobalAlloc
lstrlenA
CompareStringA
GetEnvironmentVariableA
InterlockedExchange
GetVersionExA

user32

wsprintfA

advapi32

ReportEventA
RegCreateKeyExA
RegisterEventSourceA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegFlushKey
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

msvcp80

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a304323e2c47a94af08f867ea313d002

Headers

File Characteristics

Imports

ws2_32

ch10tmats

processsymboltable

mfc80

msvcr80

kernel32

user32

advapi32

msvcp80

Sections

.text Size: 536KB - Virtual size: 532KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 35.2MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 536KB - Virtual size: 532KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 35.2MB

.rsrc
Size: 4KB - Virtual size: 1KB