NEAS[.]14876434c5bae7a999903d69c1d93940_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.14876434c5bae7a999903d69c1d93940_JC.exe
Size

155KB
MD5

14876434c5bae7a999903d69c1d93940
SHA1

326d5d8a4dce646fd8b89e25a07146deb94bc538
SHA256

1f78fd48fec79f89f7536b641405682f250f9dcc46c12916b50980bc78f78fbe
SHA512

ecf8396a7e375dbe6d3f21f2df892863ab05be60e42e2b623af5f243845df69723992d108f7f338e5742a116eb0961c36575843f71a0de50d6fab34fd4bdc4cb
SSDEEP

3072:nBRlcz0DH3I60nk3EbQ5rWD42rIX1OSdIMBKqDDUSys:nFK0jYTgKehaiJDDUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.14876434c5bae7a999903d69c1d93940_JC.exe

Files

NEAS.14876434c5bae7a999903d69c1d93940_JC.exe
.exe windows:5 windows x86

f9bfa52a783c53c82809aaa4873b2c9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
GetProcessHeap
SetEndOfFile
GetSystemDefaultUILanguage
OpenFileMappingW
GetDateFormatW
lstrcpyW
WriteTapemark
FindFirstVolumeW
WaitForMultipleObjectsEx
GetTickCount
InitAtomTable
LoadLibraryA
GetConsoleKeyboardLayoutNameW
SetConsoleMenuClose
LocalShrink
lstrcpy
EnterCriticalSection
PeekConsoleInputA
EnumCalendarInfoW
UnhandledExceptionFilter
GlobalFindAtomA
DeleteCriticalSection
QueryDosDeviceA
AssignProcessToJobObject
VirtualAlloc
SetTapeParameters
GetTimeZoneInformation
EnumUILanguagesW
GetCurrentDirectoryW
PrivCopyFileExW
GetSystemDirectoryA
LeaveCriticalSection
GetPrivateProfileStructA
GetExitCodeProcess
FoldStringW

crtdll

_mbsrchr
abs
_scalb
_CIatan2
_getdrive
_spawnlpe
_mbsdup
_strnicmp
strcspn
malloc
_strninc
_flsbuf
_exit
_mbsncpy
getc
_snwprintf
wcscpy
_cscanf
_mbctokata
__pxcptinfoptrs
isalnum
_execlp
_spawnv
_y1
memcmp
_nextafter
_clearfp
_lrotl
_tell
_timezone_dll
_fgetchar
is_wctype
wcsrchr
_mbstrlen
_ecvt
mbstowcs
_close
_mbsnset
wcstod
_mbctohira

glu32

gluEndCurve
gluTessEndContour
gluTessCallback
gluPartialDisk
gluQuadricTexture
gluBeginSurface
gluNewQuadric
gluErrorString
gluNurbsSurface
gluDeleteNurbsRenderer
gluNurbsProperty
gluScaleImage
gluGetNurbsProperty
gluErrorUnicodeStringEXT
gluQuadricDrawStyle
gluBeginTrim
gluBuild1DMipmaps
gluProject
gluTessEndPolygon
gluGetString
gluEndPolygon
gluNextContour
gluTessProperty
gluUnProject
gluQuadricOrientation
gluLoadSamplingMatrices
gluNewTess

ntdll

NtQueryInformationFile
ZwRegisterThreadTerminatePort
atol
ZwImpersonateClientOfPort
vDbgPrintEx
RtlUshortByteSwap
RtlTimeToTimeFields
wcsspn
LdrUnlockLoaderLock
NtFlushVirtualMemory
RtlGetNtProductType
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlWalkHeap
RtlSetInformationAcl
RtlUpcaseUnicodeChar
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInitUnicodeStringEx
ZwAllocateUserPhysicalPages
NtOpenTimer
RtlSetCriticalSectionSpinCount
ZwQueryEvent
atan
wcschr
ZwCreateJobObject
RtlHashUnicodeString
RtlTryEnterCriticalSection
RtlFindLongestRunClear
KiUserApcDispatcher
ZwDeleteAtom
ZwLoadDriver
RtlInterlockedPushEntrySList
NtGetPlugPlayEvent
NtOpenThread
NtEnumerateSystemEnvironmentValuesEx

msdtcuiu

DllGetClassObject
DtcPerfOpen
PerfDllRegisterServer
DtcPerfCollect
DtcPerfClose

query

?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
?IsScopeValid@@YGJPBGIH@Z
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
?RefreshParams@CWorkQueue@@QAEXKK@Z
??1CKeyArray@@QAE@XZ
??3CDbCmdTreeNode@@SGXPAX@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?Read@CRegAccess@@QAEKPBGK@Z
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
??1CColumns@@QAE@XZ
?AbortWorkItems@CWorkManager@@QAEXXZ
?HTMLEscapeW@@YGXPBGAAVCVirtualString@@K@Z
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Skip@CEnumWorkid@@UAGJK@Z
?Read@CRcovStrmTrans@@QAEKPAXK@Z
??1CPropStoreManager@@QAE@XZ
?My_wcstoui64@@YA_KPBGPAPAGH@Z
?GetI2@CAllocStorageVariant@@QBEFI@Z
??0CDbPropIDSet@@QAE@XZ
??1CWordRestriction@@QAE@XZ
?GetGUID@CMemDeSerStream@@UAEXAAU_GUID@@@Z
?CiGetPassword@@YGHPBG0PAG@Z
?DisableNotification@CRegNotify@@QAEXXZ
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
?_FindGroupListAnchor@CDbNestingNode@@AAEPAVCDbProjectListAnchor@@XZ

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9bfa52a783c53c82809aaa4873b2c9c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crtdll

glu32

ntdll

msdtcuiu

query

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 54KB - Virtual size: 245KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 54KB - Virtual size: 245KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB