NEAS[.]801548c46ac7ea90de5c2418ba5ac9e0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.801548c46ac7ea90de5c2418ba5ac9e0_JC.exe
Size

2.5MB
MD5

801548c46ac7ea90de5c2418ba5ac9e0
SHA1

2afab7e5914d99e942ef097f8313382307442330
SHA256

ace97147f69290d0623edc6a52ee9875f94b4a618a3a77b894e5e904355b5e09
SHA512

db1464345cb0c97a5689597e761a4e01778ebc3f2f72c24f532d064b1e2a374f50a99609cb71016601e090da0409c6e61359f2b7cedb9f4dd88e951c742ecfe7
SSDEEP

49152:ZRgTtLZBn8Mv6hz7cGuRjPFkILVVawZo7s:HeDn8Mv6t7cGWxVaXg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.801548c46ac7ea90de5c2418ba5ac9e0_JC.exe

Files

NEAS.801548c46ac7ea90de5c2418ba5ac9e0_JC.exe
.dll windows:5 windows x86

0fc5b47a8a67f9806781a67d8b469f63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

socket
connect
htons
send
shutdown
closesocket
inet_addr
recv

mfc42

ord3582
ord2575
ord4396
ord3574
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord609
ord795
ord693
ord616
ord641
ord324
ord2301
ord2370
ord2362
ord2302
ord4234
ord2379
ord5442
ord3318
ord665
ord5186
ord354
ord3996
ord4284
ord4710
ord2864
ord2614
ord6007
ord3998
ord2642
ord3092
ord924
ord6199
ord3286
ord6905
ord5981
ord3873
ord1979
ord6385
ord5953
ord4299
ord3499
ord2515
ord355
ord3317
ord1168
ord1253
ord342
ord1182
ord703
ord2454
ord1643
ord4398
ord5773
ord4275
ord3573
ord3626
ord2414
ord1641
ord3663
ord4243
ord825
ord800
ord535
ord823
ord858
ord567
ord818
ord6215
ord2086
ord1651
ord6334
ord860
ord4202
ord403
ord6283
ord6282
ord537
ord540
ord5572
ord2915
ord2818
ord5710
ord939
ord4129
ord6663
ord2764
ord6877
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord2411
ord2023
ord4218
ord2578

msvcrt

free
memcmp
sprintf
atoi
sscanf
swprintf
srand
strlen
strcpy
_except_handler3
strstr
memcpy
wcslen
memset
_ftol
floor
ceil
malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_CxxThrowException
abs
__CxxFrameHandler
strncpy
_strupr

kernel32

ReadFile
SetFilePointer
WriteFile
CloseHandle
FreeLibrary
FlushInstructionCache
OutputDebugStringA
SetLastError
TerminateProcess
GetProcAddress
GetCurrentProcess
GetCommandLineA
GetCurrentDirectoryA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
GetACP
GetSystemDefaultLangID
CreateFileA
LoadLibraryA
Beep
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA

user32

GetSystemMetrics
CopyRect
DrawFocusRect
FillRect
GetSysColor
PostQuitMessage
GetParent
GetWindowRect
SetForegroundWindow
EnableWindow
IsWindow
SetWindowTextA
KillTimer
FindWindowA
SetDlgItemTextW
SetWindowTextW
SetTimer
IsWindowVisible
MoveWindow
DefWindowProcA
PostMessageA
SendMessageA

gdi32

SetTextColor
GetBkColor
SetBkMode
SelectObject
TextOutW
CreateSolidBrush
GetTextExtentPoint32A

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

advapi32

RegDeleteKeyA

Exports

Exports

ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

.text
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tmd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fc5b47a8a67f9806781a67d8b469f63

Headers

File Characteristics

Imports

winmm

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

msvcp60

iphlpapi

psapi

advapi32

Exports

Exports

Sections

.text Size: 592KB - Virtual size: 592KB

.tmd Size: 1.9MB - Virtual size: 1.9MB

.idata Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 4KB

.tmd Size: 4KB - Virtual size: 4KB

.text
Size: 592KB - Virtual size: 592KB

.tmd
Size: 1.9MB - Virtual size: 1.9MB

.idata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 4KB

.tmd
Size: 4KB - Virtual size: 4KB