NEAS[.]00654c9023246af6cde0794524733860_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.00654c9023246af6cde0794524733860_JC.exe
Size

292KB
MD5

00654c9023246af6cde0794524733860
SHA1

50bafb5a85db2706b7f97428a12f284cfff0aaf4
SHA256

780d0aabb0ae0f0b74f17693687307b927989b9da882fa7019e916f87b68b385
SHA512

ceedb285298aecfb8e38de6dbadee92efb653972acd6a38a600aeb97b3891aa4d44bc03074f3a136cfdef31584bcca6bf5bde9a5bc07953a561e878b7539d394
SSDEEP

6144:RZ4vY7Ie9hjHi8jMgMxzsai51cDpsr6ypFeKAo:RZ4vheHCDgMxzsaI1cK9eKAo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.00654c9023246af6cde0794524733860_JC.exe

Files

NEAS.00654c9023246af6cde0794524733860_JC.exe
.exe windows:4 windows x86

5b68548c145e8950cb172bb425da0fe1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitThread
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
HeapFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
HeapAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
FindResourceA
GlobalAddAtomA
GetProfileStringA
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
GetTickCount
SizeofResource
WritePrivateProfileStringW
GetProcessVersion
GlobalFlags
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesW
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FormatMessageW
LocalFree
LoadLibraryA
FreeLibrary
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GlobalFree
LockResource
FindResourceW
LoadResource
MulDiv
GetModuleHandleA
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
CreateEventW
SuspendThread
GetCurrentThreadId
SetThreadPriority
ResumeThread
SetEvent
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
lstrcmpiW
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcpyW
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
SetLastError
lstrcpynW
GetPrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
DeleteFileW
OutputDebugStringW
lstrlenW
CreateProcessW
GetLastError
LCMapStringW
WaitForSingleObject

user32

GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
OffsetRect
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
MapDialogRect
GetWindow
SetWindowContextHelpId
SetFocus
SetWindowPos
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
CopyRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
PostThreadMessageW
ClientToScreen
ScreenToClient
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
PostMessageW
SetDlgItemTextW
SendMessageW
LoadIconW
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
MessageBoxW
SetCursor
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageW
GetCursorPos
RegisterClipboardFormatW
InvalidateRect
SetWindowsHookExW
GetWindowTextW
CharUpperW
wsprintfW
EnableWindow
IsWindowVisible
LoadImageW
ShowWindow
IsIconic
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
DrawIcon
GetClientRect
GetSystemMetrics
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableW
CharNextW
InflateRect
ModifyMenuW
DestroyMenu
GetSysColorBrush
LoadCursorW
GetDesktopWindow
PtInRect
GetClassNameW
LoadStringW
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetDC

gdi32

GetClipBox
IntersectClipRect
DeleteObject
GetDeviceCaps
ScaleWindowExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
PatBlt
GetObjectW
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkMode
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetViewportExtEx
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteW

comctl32

ord17

oledlg

OleUIBusyW

ole32

OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantChangeType
SysAllocString
VariantCopy
VariantClear
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen

wininet

HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b68548c145e8950cb172bb425da0fe1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

shlwapi

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 80KB - Virtual size: 80KB