NEAS[.]e9b2281825beaf3fa33f029ba5d767f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e9b2281825beaf3fa33f029ba5d767f0_JC.exe
Size

2.3MB
MD5

e9b2281825beaf3fa33f029ba5d767f0
SHA1

7b2407644cb2afc17adca5a6c00c266424e2dfb3
SHA256

1ceaf36d6b704edacce7f582411ca49a6def92a9131b25decf3ebdfc5b9a98bf
SHA512

9cf5e4afa9e5aeb73ccc04c386f587831a1bf7a7aaad2096e4d9907fbba443b44a2f511dc82010fc7395d283f3673c97814125ee33d85dfed5c2cd119e7c73ce
SSDEEP

24576:2+C6FK6o8obYtqYHT9AR8HHUk68OxrH2VP09Xjankqln87i:4kzlo0hHT9ARYUk68cukUn87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e9b2281825beaf3fa33f029ba5d767f0_JC.exe

Files

NEAS.e9b2281825beaf3fa33f029ba5d767f0_JC.exe
.dll windows:6 windows x64

7d5b0a0b7cea8d4560ac51e2d1e970ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

xinput9_1_0

XInputGetState
XInputSetState
XInputGetCapabilities

kernel32

WideCharToMultiByte
GlobalUnlock
GlobalAlloc
GlobalFree
CreateEventW
WaitForSingleObject
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryA
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
K32EnumProcessModules
K32GetModuleInformation
K32GetModuleBaseNameA
AllocConsole
AttachConsole
SetConsoleTextAttribute
GetStdHandle
FreeConsole
SetThreadPriority
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
Sleep
CreateFileW
DisconnectNamedPipe
WriteFile
CreateNamedPipeW
ConnectNamedPipe
ReadFile
CreateWaitableTimerW
SetWaitableTimer
LocalFree
GetModuleFileNameA
K32EnumProcessModulesEx
FlushInstructionCache
GetModuleFileNameW
FormatMessageA
WriteProcessMemory
UnhandledExceptionFilter
GlobalLock
OutputDebugStringW
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetCurrentThread
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
MultiByteToWideChar
GetProcAddress
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
TlsGetValue
GetLastError
GetCurrentProcessId
RtlVirtualUnwind
OpenProcess
SetUnhandledExceptionFilter
InitializeSRWLock
TlsAlloc
SetLastError
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
InitializeSListHead
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockShared
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
GetStringTypeW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
CompareStringEx
GetCPInfo
SetEvent
ResetEvent
GetStartupInfoW

user32

LoadCursorW
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetCursor
RegisterClassExA
ClientToScreen
GetAsyncKeyState
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
GetWindow
IsWindowVisible
IsWindow
SetWindowLongPtrW
CallWindowProcW
GetWindowRect
GetRawInputData
RegisterRawInputDevices
ClipCursor
DestroyWindow
CloseWindow
CreateWindowExA
SetCursorPos
MonitorFromWindow
ReleaseDC
GetDC
SetProcessDPIAware
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetClientRect
ScreenToClient
GetCursorPos
IsChild
GetForegroundWindow
SetClipboardData

gdi32

GetDeviceCaps

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

oleaut32

GetErrorInfo
VariantClear
SysFreeString
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocString

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

dxgi

CreateDXGIFactory2

d3d12

ord101
D3D12SerializeRootSignature

d3d11

D3D11CreateDeviceAndSwapChain

Exports

Exports

IGCS_EndScreenshotSession
IGCS_MoveCameraMultishot
IGCS_MoveCameraPanorama
IGCS_StartScreenshotSession

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d5b0a0b7cea8d4560ac51e2d1e970ea

Headers

DLL Characteristics

File Characteristics

Imports

xinput9_1_0

kernel32

user32

gdi32

advapi32

oleaut32

imm32

d3dcompiler_47

dxgi

d3d12

d3d11

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 34KB - Virtual size: 69KB

.pdata Size: 96KB - Virtual size: 95KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 34KB - Virtual size: 69KB

.pdata
Size: 96KB - Virtual size: 95KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB