Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.099a7208dba0a5fc47e849fa26f20820_JC.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.099a7208dba0a5fc47e849fa26f20820_JC.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.099a7208dba0a5fc47e849fa26f20820_JC.exe
Size: 5.6MB
MD5: 099a7208dba0a5fc47e849fa26f20820
SHA1: 83cb5ea04a4b3cd043a74c2bed2b2c05b781bc11
SHA256: b2bba40a03547b6e51bc7c3396315a6ea01938a986b9a83f110c868a8324e45f
SHA512: 5794f920d049d6bac25a97ecf64bfccb0d153585c9966c86b4cb254be844100dbb5c42a0ed1083a4956bffa31061e0750e03a7cb074a46f6b18fbdbc5d533352
SSDEEP: 49152:Yzrh20HcSyFeOJpl6IKxrrQwgTz4HhsH+oYTRayy2LFxK5e6JZT:krh2RTSfQwNHhluyi
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource NEAS.099a7208dba0a5fc47e849fa26f20820_JC.exe
Files
NEAS.099a7208dba0a5fc47e849fa26f20820_JC.exe.exe  windows:4 windows x86  33ee4a79cb038943324caf6b6a06e55a
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
msi
  ord171, ord118, ord281, ord94, ord96, ord17, ord32, ord159, ord49, ord114, ord123, ord22, ord70, ord92,
  ord64, ord58, ord51, ord60, ord120, ord153, ord78, ord80, ord205, ord141, ord74, ord173, ord41, ord43,
  ord111, ord150, ord63, ord139, ord135, ord82, ord113, ord252, ord219, ord248, ord195, ord169, ord232,
  ord145, ord34, ord8, ord151, ord47, ord147, ord121, ord160, ord163, ord125, ord20, ord158, ord28, ord115,
  ord166, ord103, ord48
secur32
  GetUserNameExW
version
  GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
kernel32
  DeleteFileA, AreFileApisANSI, CreateFileA, GetTempPathA, TlsSetValue, TlsGetValue, TlsAlloc, LoadLibraryA,
  GetFullPathNameA, GetFullPathNameW, GetEnvironmentVariableW, IsBadReadPtr, GlobalAlloc, GetModuleHandleA,
  GetVersionExA, lstrcmpW, CompareStringW, InterlockedDecrement, SetThreadPriority, SuspendThread,
  GetStringTypeExW, GetThreadLocale, DuplicateHandle, GetVolumeInformationW, InterlockedExchange,
  CompareStringA, lstrcmpA, EnumResourceLanguagesW, ConvertDefaultLocale, GetCurrentThread, VirtualProtect,
  FileTimeToSystemTime, FileTimeToLocalFileTime, LocalAlloc, GetPrivateProfileIntW,
  WritePrivateProfileStringW, GetPrivateProfileStringW, SystemTimeToFileTime, InterlockedIncrement,
  GlobalReAlloc, GlobalHandle, LocalReAlloc, TlsFree, GlobalFlags, GlobalGetAtomNameW, GetAtomNameW,
  GetDiskFreeSpaceW, SetErrorMode, LocalUnlock, LocalLock, GetFileAttributesA, GetTickCount, HeapFree,
  HeapAlloc, GetProcessHeap, GetStartupInfoW, RtlUnwind, UnhandledExceptionFilter,
  SetUnhandledExceptionFilter, IsDebuggerPresent, HeapReAlloc, GetTimeZoneInformation, FindFirstFileA,
  FindNextFileA, VirtualQuery, GetFileType, GetConsoleCP, GetConsoleMode, GetDiskFreeSpaceA,
  GetLogicalDrives, WriteConsoleW, GetStdHandle, SetStdHandle, ExitThread, ExitProcess, HeapSize,
  FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW,
  GetCommandLineA, SetHandleCount, GetStartupInfoA, HeapDestroy, HeapCreate, GetCPInfo, GetACP, GetOEMCP,
  IsValidCodePage, FatalAppExitA, LCMapStringA, LCMapStringW, GetCurrentDirectoryA, SetCurrentDirectoryA,
  GetTimeFormatA, GetDateFormatA, ReadConsoleInputA, ReadConsoleInputW, SetConsoleMode, WriteConsoleA,
  GetConsoleOutputCP, SetConsoleCtrlHandler, GetStringTypeA, GetStringTypeW, GetLocaleInfoA,
  EnumSystemLocalesA, IsValidLocale, PeekConsoleInputA, GetNumberOfConsoleInputEvents, GetDriveTypeA,
  SetEnvironmentVariableA, SetEnvironmentVariableW, GetSystemTimeAsFileTime, GetSystemTime, LockFileEx,
  LockFile, UnlockFile, GetFileSize, SetEndOfFile, FlushFileBuffers, SetFilePointer, MoveFileW,
  VerSetConditionMask, VerifyVersionInfoW, GetSystemInfo, GlobalFree, GlobalUnlock, GlobalSize, GlobalLock,
  GetShortPathNameW, DosDateTimeToFileTime, LocalFileTimeToFileTime, WaitForMultipleObjects, OpenEventW,
  CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GlobalDeleteAtom, GlobalFindAtomW, GlobalAddAtomW,
  VirtualAlloc, VirtualFree, DebugBreak, GetLogicalDriveStringsW, MoveFileExW, CreateDirectoryW,
  SetFileTime, RemoveDirectoryW, GetCurrentDirectoryW, GetCommandLineW, FindFirstFileW, FindNextFileW,
  SetFileAttributesW, FindClose, GetTempPathW, GetTempFileNameW, GetSystemDirectoryW, GetUserDefaultLCID,
  GetFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, CreateNamedPipeW, ResetEvent, SwitchToThread,
  ExpandEnvironmentStringsW, CreateThread, CreateEventW, CreateFileW, ReadFile, ConnectNamedPipe, WriteFile,
  DisconnectNamedPipe, ReleaseMutex, SetEvent, CreateProcessW, GetCurrentProcessId, GetModuleFileNameA,
  FreeResource, GetLocaleInfoW, lstrcpyW, lstrcmpiW, GetVersion, GetWindowsDirectoryW,
  DeleteCriticalSection, InitializeCriticalSection, FormatMessageW, LocalFree, GetLongPathNameW, lstrlenA,
  lstrcatW, WinExec, lstrlenW, GetFileAttributesW, GetUserDefaultLangID, GetVersionExW, FreeLibrary,
  CopyFileW, CreateMutexW, GetModuleFileNameW, QueryPerformanceCounter, QueryPerformanceFrequency,
  MultiByteToWideChar, GetExitCodeThread, ResumeThread, SetCurrentDirectoryW, WaitForSingleObject,
  TerminateProcess, GetExitCodeProcess, CloseHandle, GetProcAddress, GetModuleHandleW, LoadLibraryW,
  GetSystemDefaultLangID, Sleep, WideCharToMultiByte, SetLastError, GetCurrentThreadId,
  LeaveCriticalSection, EnterCriticalSection, RaiseException, GetCurrentProcess, FlushInstructionCache,
  DeleteFileW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLastError, MulDiv,
  InterlockedCompareExchange, IsProcessorFeaturePresent, LoadLibraryExW, FindResourceExW
user32
  WaitMessage, IsClipboardFormatAvailable, GetTabbedTextExtentW, GetNextDlgGroupItem,
  RegisterClipboardFormatW, GetSystemMenu, SetParent, PostThreadMessageW, GetDCEx, LockWindowUpdate,
  GetDlgItemTextW, GetDlgItemInt, CheckRadioButton, CheckDlgButton, SetMenuItemBitmaps,
  GetMenuCheckMarkDimensions, ModifyMenuW, CheckMenuItem, RegisterWindowMessageW, SendDlgItemMessageW,
  SendDlgItemMessageA, GetCapture, SetWindowsHookExW, UnregisterClassA, GetClassLongW, SetPropW, GetPropW,
  RemovePropW, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, UnhookWindowsHookEx,
  GetMessageTime, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, GetScrollRange,
  SetScrollPos, GetScrollPos, ShowScrollBar, GetMenu, GetClassInfoW, RegisterClassW, AdjustWindowRectEx,
  DeferWindowPos, SetWindowPlacement, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement,
  IntersectRect, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, GetDlgItem,
  GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetLastActivePopup, GrayStringW, DrawTextExW,
  DrawTextW, TabbedTextOutW, GetMenuState, GetMenuStringW, AppendMenuW, GetMenuItemID, InsertMenuW,
  GetMenuItemCount, RemoveMenu, wsprintfW, LoadBitmapW, LoadIconW, SetWindowRgn, CloseClipboard,
  GetClipboardData, OpenClipboard, CreateCaret, HideCaret, DestroyCaret, ShowCaret, GetWindowDC, MoveWindow,
  UnionRect, EnumChildWindows, DestroyIcon, DeleteMenu, ShowWindow, GetWindowTextLengthW,
  SetForegroundWindow, PostQuitMessage, SetFocus, ExitWindowsEx, GetTopWindow, FindWindowW, LoadStringW,
  GetDlgCtrlID, IsWindowEnabled, IsDialogMessageW, GetKeyState, WinHelpW, IsChild, MapDialogRect, GetWindow,
  KillTimer, GetCursorPos, CopyIcon, MessageBeep, DestroyCursor, SetCursor, RedrawWindow, SetRectEmpty,
  PtInRect, AdjustWindowRect, ReleaseCapture, IsWindowVisible, GetSysColorBrush, SetCapture,
  WaitForInputIdle, GetDesktopWindow, GetSystemMetrics, MsgWaitForMultipleObjects, IsWindowUnicode,
  GetMessageW, GetMessageA, TranslateMessage, DispatchMessageW, DispatchMessageA, PeekMessageW, LoadImageW,
  GetMessagePos, GetFocus, ScreenToClient, ClientToScreen, LoadMenuW, GetSubMenu, DrawFocusRect, FrameRect,
  InflateRect, CopyRect, GetWindowTextW, PostMessageW, SetWindowTextW, SetTimer, GetParent, GetWindowRect,
  EnableMenuItem, EqualRect, CharNextW, UnpackDDElParam, ReuseDDElParam, LoadAcceleratorsW, InsertMenuItemW,
  CreatePopupMenu, SetMenu, TranslateAcceleratorW, InvalidateRgn, CopyAcceleratorTableW, UnregisterClassW,
  GetDialogBaseUnits, GetAsyncKeyState, WindowFromPoint, SetWindowContextHelpId, IsWindow, EnableWindow,
  SendMessageW, OffsetRect, ShowOwnedPopups, DestroyMenu, GetMenuItemInfoW, CharUpperW, ValidateRect,
  DrawIcon, IsRectEmpty, MapVirtualKeyW, GetKeyNameTextW, ScrollWindowEx, IsDlgButtonChecked,
  SetDlgItemTextW, SetRect, CreateWindowExW, RegisterClassExW, DefWindowProcW, CallWindowProcW,
  GetWindowLongW, DestroyWindow, FillRect, LoadCursorW, GetClassInfoExW, SetScrollInfo, GetScrollInfo,
  SetScrollRange, InvalidateRect, UpdateWindow, GetDC, EndPaint, BeginPaint, GetClientRect, SetWindowLongW,
  MessageBoxW, GetSysColor, SystemParametersInfoW, ReleaseDC, BringWindowToTop, SetDlgItemInt,
  GetClassNameW, CallNextHookEx
gdi32
  SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx,
  ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn,
  CreateDIBPatternBrushPt, CreatePatternBrush, CreateBitmap, SelectPalette, PlayMetaFileRecord,
  GetObjectType, EnumMetaFile, PlayMetaFile, ExtCreatePen, CreateHatchBrush, CreateRectRgnIndirect,
  SetRectRgn, MoveToEx, OffsetViewportOrgEx, PatBlt, DPtoLP, GetDCOrgEx, CreateEllipticRgn, LPtoDP, Ellipse,
  GetRgnBox, CreateCompatibleBitmap, GetBkColor, GetTextColor, GetCharWidthW, EnumFontFamiliesExW,
  StretchDIBits, SetAbortProc, AbortDoc, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect,
  GetClipBox, ModifyWorldTransform, SetWorldTransform, SetGraphicsMode, SetTextColor, SetViewportOrgEx,
  Escape, ExtTextOutW, RectVisible, PtVisible, GetPixel, GetWindowExtEx, GetViewportExtEx, SelectClipPath,
  GetClipRgn, SelectClipRgn, SetColorAdjustment, CreateCompatibleDC, CreatePen, CreateFontIndirectW,
  SetBkMode, SelectObject, TextOutW, CreateSolidBrush, DeleteObject, GetTextMetricsW, CreateICW,
  GetDeviceCaps, GetObjectW, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, GetMapMode,
  GetStockObject, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkColor, RestoreDC, SaveDC, CreateDCW,
  CopyMetaFileW, CombineRgn, CreateRectRgn, StartPage, StartDocW, SetMapMode, EndDoc, EndPage,
  CreateDIBSection, DeleteDC, GetTextExtentPointW, SetTextJustification, GetTextFaceW,
  GetTextExtentPoint32W, CreateFontW, BitBlt, RoundRect, SetTextAlign
msimg32
  GradientFill
comdlg32
  GetFileTitleW
winspool.drv
  ClosePrinter, DocumentPropertiesW, OpenPrinterW, GetJobW
advapi32
  AdjustTokenPrivileges, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyW, GetFileSecurityW, SetFileSecurityW,
  RegEnumKeyW, IsTextUnicode, RegSetValueW, RegUnLoadKeyW, RegLoadKeyW, OpenProcessToken,
  LookupPrivilegeValueW, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyW, RegEnumValueW, RegEnumKeyExW,
  RegDeleteKeyW, RegOpenCurrentUser, RegQueryValueW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW
shell32
  DragQueryFileW, SHGetFolderPathW, ShellExecuteW, ShellExecuteExW, ord680, SHGetPathFromIDListW,
  SHGetMalloc, SHBrowseForFolderW, SHGetDesktopFolder, ExtractIconW, SHFileOperationW, SHGetFileInfoW,
  DragFinish, SHCreateDirectoryExW
comctl32
  ord17, InitCommonControlsEx, ImageList_GetIconSize
shlwapi
  SHCopyKeyW, SHDeleteKeyW, PathIsDirectoryW, PathFileExistsW, PathAppendW, PathStripToRootW, PathIsUNCW,
  PathFindExtensionW, PathRemoveExtensionW, PathFindFileNameW, UrlUnescapeW
oledlg
  OleUIBusyW
ole32
  OleDuplicateData, OleRun, CoCreateInstance, CoUninitialize, CoInitializeEx, CoInitialize,
  StringFromGUID2, CoCreateGuid, CoTaskMemFree, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg,
  OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, CreateBindCtx, ReleaseStgMedium, CoTaskMemAlloc,
  StringFromCLSID, CoTreatAsClass, CreateILockBytesOnHGlobal, CreateStreamOnHGlobal, CLSIDFromProgID,
  CLSIDFromString, CoDisconnectObject, CoGetClassObject, StgOpenStorageOnILockBytes,
  StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard,
  OleSetClipboard, CoRevokeClassObject, CoRegisterClassObject, OleInitialize, CoFreeUnusedLibraries,
  OleUninitialize
oleaut32
  SysAllocString, VarDateFromStr, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayDestroy,
  SafeArrayUnlock, SafeArrayLock, SafeArrayPutElement, SafeArrayPtrOfIndex, SafeArrayGetElement,
  SafeArrayCopy, SafeArrayAllocDescriptor, SafeArrayAllocData, SafeArrayRedim, SafeArrayCreate,
  SafeArrayGetDim, SafeArrayGetElemsize, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayAccessData,
  SafeArrayUnaccessData, VariantCopy, VariantInit, VariantChangeType, SysStringByteLen,
  SysAllocStringByteLen, SysStringLen, GetErrorInfo, VariantClear, VarBstrCmp, SysAllocStringLen,
  VarUdateFromDate, SysReAllocStringLen, VarCyFromStr, VarBstrFromCy, VarBstrFromDec,
  SystemTimeToVariantTime, VariantTimeToSystemTime, VarDecFromStr, VarBstrFromDate, SafeArrayCreateVector,
  OleCreateFontIndirect, LoadTypeLi, SysFreeString
wininet
  InternetConnectW, FtpFindFirstFileW, GopherCreateLocatorW, FtpCommandW, FtpOpenFileW,
  GopherGetAttributeW, HttpSendRequestExW, HttpEndRequestW, HttpSendRequestW, InternetReadFile,
  InternetWriteFile, InternetSetFilePointer, InternetSetStatusCallbackW, InternetOpenW,
  InternetGetLastResponseInfoW, GopherFindFirstFileW, InternetCloseHandle, GopherOpenFileW,
  HttpAddRequestHeadersW, InternetErrorDlg, FtpGetFileW, FtpPutFileW, FtpGetCurrentDirectoryW,
  FtpSetCurrentDirectoryW, FtpRemoveDirectoryW, FtpCreateDirectoryW, FtpRenameFileW, FtpDeleteFileW,
  InternetQueryDataAvailable, InternetGetCookieW, InternetSetCookieW, InternetSetOptionExW,
  InternetQueryOptionW, InternetCrackUrlW, InternetCanonicalizeUrlW, InternetOpenUrlW, HttpOpenRequestW,
  InternetFindNextFileW, HttpQueryInfoW
Sections
.text   Size: 2.4MB - Virtual size: 2.4MB
        IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 736KB - Virtual size: 735KB
        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 84KB - Virtual size: 106KB
        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2.3MB - Virtual size: 2.3MB
        IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ