NEAS[.]76252517141ffcdea09edf1d8223f6f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.76252517141ffcdea09edf1d8223f6f0_JC.exe
Size

1.0MB
MD5

76252517141ffcdea09edf1d8223f6f0
SHA1

8cb4ff54d43024e60f47f6bc2ad2e4a69fff4de0
SHA256

86c1c26a5edd17befec7914843b2cd297c3a16a434e335b9b3290c9e7d7754e0
SHA512

0d029e82e0e1be88c1120d7efd5c64e33786cc505c450f8f03e5beb508722d9bd4a9dce0a23d199939edebde81aa6ffa11c41c9e86f175753a2c3d8e0474c705
SSDEEP

24576:bm82+zJXOOEBlQJXIOdOGzDnwxOGXLch3XMwWP:K8bocQGzDww+g1MwWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.76252517141ffcdea09edf1d8223f6f0_JC.exe

Files

NEAS.76252517141ffcdea09edf1d8223f6f0_JC.exe
.dll regsvr32 windows:10 windows x86

7bb3dfac333b507679db5a29951e37cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fgetc
swprintf_s
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
towlower
strchr
time
mbstowcs_s
ftell
fputc
fseek
fread
ferror
feof
_stricmp
_wtoi
strerror
_wfsopen
wcscpy_s
wcscat_s
_purecall
fflush
fwrite
fclose
_wcsicmp
_wfopen_s
memmove
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
??_V@YAXPAX@Z
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
ldexp
realloc
abort
__uncaught_exception
_free_locale
_get_current_locale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QBEHABV0@@Z
_wcsdup
islower
_ismbblead
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
setlocale
_unlock
_lock
_errno
memcpy
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@XZ
_callnewh
calloc
memset
sprintf_s
localeconv
strcspn
memchr
?name@type_info@@QBEPBDXZ
ldiv
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler3
memcpy_s
___lc_collate_cp_func
free
_wcsnicmp
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
wcsncpy_s
malloc
??3@YAXPAX@Z

user32

UnregisterClassA
CharNextW

kernel32

TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
CopyFileW
GetCurrentDirectoryW
GetFileAttributesExW
SetFileTime
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
LocalAlloc
GetProcessMitigationPolicy
GetModuleHandleExW
SetLastError
FindClose
FindNextFileW
FindFirstFileW
WaitForSingleObjectEx
GetTempPathW
GetLongPathNameW
lstrlenA
GetExitCodeProcess
SystemTimeToFileTime
GetLocalTime
OpenProcess
GetFileTime
LocalUnlock
GetFileSize
MoveFileExW
CloseHandle
DeleteFileW
SetEvent
FormatMessageW
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
WriteFile
CreateEventA
GetProcessHeap
HeapAlloc
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
LocalFree
GetStringTypeW
InitializeCriticalSectionEx
GetLocaleInfoW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
ProcessIdToSessionId
HeapFree
LocalLock
ReadFile
TlsAlloc
TlsGetValue
TlsFree
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject

ole32

OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoImpersonateClient

oleaut32

UnRegisterTypeLi
VariantClear
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPutElement
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
LoadTypeLi
VariantInit
VariantChangeType
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SafeArrayGetUBound
SysFreeString

advapi32

EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegEnumValueW
RegDeleteTreeW
EventWrite
EventWriteTransfer
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
EventUnregister
EventSetInformation
EventRegister
RegQueryInfoKeyW

shell32

SHGetKnownFolderPath

activeds

ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 941KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bb3dfac333b507679db5a29951e37cf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

oleaut32

advapi32

shell32

activeds

Exports

Exports

Sections

.text Size: 941KB - Virtual size: 940KB

.data Size: 29KB - Virtual size: 36KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 941KB - Virtual size: 940KB

.data
Size: 29KB - Virtual size: 36KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 54KB - Virtual size: 53KB