NEAS[.]044c5a5f078f11108cd2260f49185810_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.044c5a5f078f11108cd2260f49185810_JC.exe
Size

408KB
MD5

044c5a5f078f11108cd2260f49185810
SHA1

8e888eb918ebc794f4044366b119cc5e40c8b42f
SHA256

d901190de8349411d433d3ddb164cd80dbd5ad40a1b368f60f27bfb1e524aea4
SHA512

e43477173f30cc1d81e06648088dd16dcc4c8092d1ce9baca20d86b165159ccaea8aa25f35e181eba3138b755d0555b40343893dd3546ee5459a07d22286a75a
SSDEEP

6144:ZpXNGIT/KYqEmdeHyvhJEttOjV6YVQvGd5Cqv+0tsgBLFe9Jq:jXNGIT/KYqDdeHOJmqG+dQ0tsgBgv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.044c5a5f078f11108cd2260f49185810_JC.exe

Files

NEAS.044c5a5f078f11108cd2260f49185810_JC.exe
.dll regsvr32 windows:4 windows x86

993a7a8012c317dbc9d7cf51a8fdf6f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr70

??1exception@@UAE@XZ
wcscat
_wmakepath
wcscpy
_snwprintf
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
wcsncpy
free
_initterm
qsort
iswdigit
wcsncmp
vswprintf
_except_handler3
isalpha
_wcsnicmp
_wcsicmp
wcscmp
realloc
memmove
_ftol
memset
_wtoi
wcsrchr
wcschr
wcspbrk
malloc
_adjust_fdiv
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
wcslen
__CxxFrameHandler
_CxxThrowException
_wcslwr
wcsstr
_wsplitpath

msvcp70

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

oleaut32

UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SafeArrayLock
SafeArrayDestroy
SafeArrayUnlock
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
GetErrorInfo
SetErrorInfo
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
SysStringByteLen
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
SysFreeString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRun
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoGetMalloc
CoCreateGuid
CoUninitialize
CoInitializeEx

kernel32

LocalFree
IsBadReadPtr
InterlockedDecrement
InterlockedIncrement
SetLastError
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
FindResourceA
GetLastError
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenA
lstrlenW
MulDiv
FlushInstructionCache
GetCurrentProcess
lstrcmpA
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
SetEvent
SetThreadPriority
SizeofResource
Sleep
DisableThreadLibraryCalls
lstrcpyA
lstrcatA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GetVersionExA
RaiseException
FindClose
CloseHandle
WaitForMultipleObjects
GetExitCodeThread
ResumeThread
CreateThread
WaitForSingleObject
CreateEventA
FormatMessageA
InterlockedExchange
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
GetSystemDefaultLCID
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
LoadLibraryExA
GetShortPathNameA
ReadFile
GetFileSize
CreateFileA
GetEnvironmentVariableA
GetVersion
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
GetFileAttributesW
GetFullPathNameW
GetModuleFileNameW
GetVersionExW
GetSystemDirectoryW
GlobalAddAtomW
IsBadStringPtrW
LoadLibraryExW
SetFileAttributesW
AreFileApisANSI
FindNextFileA
GetFullPathNameA
SetFileAttributesA
GetFileAttributesA
LocalAlloc
GlobalAddAtomA
FindFirstFileA
GetSystemDirectoryA
GlobalDeleteAtom

gdi32

CreateCompatibleBitmap
DeleteDC
GetPixel
SetPixel
SelectObject
DeleteObject
GetStockObject
GetObjectA
CreateCompatibleDC
BitBlt
MoveToEx
LineTo
CreatePen
ExcludeClipRect
CreateFontIndirectA
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateFontIndirectW
SetBkMode
SetBkColor
SetTextColor
SetTextAlign
SetROP2
SetBrushOrgEx
GetTextMetricsA
CreateSolidBrush
GetDeviceCaps

user32

InvalidateRect
DialogBoxIndirectParamA
DrawTextExA
SetPropA
GetPropA
RemovePropA
ScreenToClient
ChildWindowFromPoint
UnionRect
EqualRect
GetDlgCtrlID
UpdateWindow
EndDeferWindowPos
MoveWindow
DeferWindowPos
BeginDeferWindowPos
DeleteMenu
PtInRect
SetWindowLongW
InvalidateRgn
RemovePropW
SetPropW
GetPropW
SetWindowTextW
MessageBoxW
GetWindowTextW
FillRect
SetCapture
ReleaseCapture
GetDC
GetDesktopWindow
GetWindowTextLengthW
GetClassNameW
DrawTextExW
DialogBoxIndirectParamW
CreateWindowExW
CallWindowProcW
PeekMessageA
GetMessageA
ReleaseDC
DestroyAcceleratorTable
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
SetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetWindow
MapDialogRect
SetWindowContextHelpId
SetWindowPos
DestroyWindow
IsWindowUnicode
GetMessageW
TranslateMessage
DispatchMessageW
DispatchMessageA
MapWindowPoints
GetSystemMetrics
MsgWaitForMultipleObjects
SendDlgItemMessageA
SystemParametersInfoA
GetSystemMenu
EnableMenuItem
UnregisterClassA
MessageBoxA
MessageBeep
GetClientRect
GetWindowRect
GetDlgItem
CopyRect
EndDialog
SendMessageW
LoadIconA
wsprintfA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
GetSysColor
RedrawWindow
IsWindow
SendMessageA
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
CallWindowProcA
ClientToScreen
PostThreadMessageA
EnumChildWindows
GetCursorPos
GetWindowLongW

comctl32

InitCommonControlsEx

advapi32

RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExA

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
IUnknown_Release_Proxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 173B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

993a7a8012c317dbc9d7cf51a8fdf6f8

Headers

File Characteristics

Imports

msvcr70

msvcp70

oleaut32

ole32

kernel32

gdi32

user32

comctl32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 290KB

.orpc Size: 4KB - Virtual size: 173B

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 32KB - Virtual size: 29KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 292KB - Virtual size: 290KB

.orpc
Size: 4KB - Virtual size: 173B

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 32KB - Virtual size: 29KB

.rmnet
Size: 60KB - Virtual size: 60KB