NEAS[.]28ebe3c130b01fa9d463127051390890_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.28ebe3c130b01fa9d463127051390890_JC.exe
Size

68KB
MD5

28ebe3c130b01fa9d463127051390890
SHA1

dc08b50dcd3be7985965b4a5ea0439adcc1d1865
SHA256

5307582491e6b2db499da3c79806924b220192173c89a91b1ce6feca1fee1fc7
SHA512

8e1cc50e0e4bbc70ee99ce6416c8e713de94f6862ce9ceb91875f5b12bd949ef110ae84e612213c2e6eb7193c8dd731f26a72e14c1e15b64791d0d550f95acbd
SSDEEP

1536:yvFe3L+iR/+TqTC30MSKdk8EYWNfXoebbyKxx:0Fe3Z2TqTwjk8EtNfXoebbyKx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.28ebe3c130b01fa9d463127051390890_JC.exe

Files

NEAS.28ebe3c130b01fa9d463127051390890_JC.exe
.exe windows:4 windows x86

b701e31360ab2d6aa19dd55b3a676f9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
connect
inet_addr
socket
htons
ioctlsocket
accept
ntohs
WSAGetLastError
getsockname
listen
bind
WSAStartup
setsockopt
WSACleanup
recv
send
closesocket

mpr

WNetUseConnectionA
WNetCancelConnection2A
WNetGetConnectionA

kernel32

ReadFile
DeleteFileA
Sleep
GetLastError
WriteFile
CopyFileA
GetFileSize
GetLocalTime
TerminateProcess
OpenProcess
GetComputerNameA
CreateThread
LoadLibraryA
LocalFree
FormatMessageA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
SetConsoleCtrlHandler
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
SetEvent
CreateEventA
CreateFileA
WaitForSingleObject
CloseHandle
FreeLibrary
SetFilePointer
GetProcAddress
CreateProcessA
FlushFileBuffers
GetFullPathNameA
LCMapStringW
HeapAlloc
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentDirectoryA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetCommandLineA
RtlUnwind
GetStartupInfoA
SetHandleCount
GetCurrentProcess
GetDriveTypeA
HeapFree
HeapDestroy
LCMapStringA
SetStdHandle
GetFileType

user32

WaitForInputIdle
PostMessageA
FindWindowA
DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
RegCreateKeyA
CreateServiceA
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
QueryServiceConfigA
OpenSCManagerA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
GetFileSecurityA
CloseServiceHandle
RegDeleteKeyA
OpenServiceA
RegQueryValueExA
ChangeServiceConfigA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b701e31360ab2d6aa19dd55b3a676f9c

Headers

File Characteristics

Imports

wsock32

mpr

kernel32

user32

advapi32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 14KB