NEAS[.]32ad1f41eab3a0cd55f7213b74124140_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.32ad1f41eab3a0cd55f7213b74124140_JC.exe
Size

804KB
MD5

32ad1f41eab3a0cd55f7213b74124140
SHA1

947d470aecb6ec667821be032cb51f48610bebd2
SHA256

5e507c790e42dcc7a83d2332f6d8902a2d681a8c2ca4f9a75efe03a8031b4fdf
SHA512

201ecb3fa2865ec2a57025fa888bb4cc54ac4d0738b29a5a36b8f1ad71d37614ec057400e0a1e6005450b1dc551774b217254c6d21569982f3ff90663f48c17f
SSDEEP

12288:zkaIfjZxfafUpU62q7cTS01uylJ5j9kiutuy3z6f5c5lJItL:YfjZ9qUpU6qXuoJ56Tkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.32ad1f41eab3a0cd55f7213b74124140_JC.exe

Files

NEAS.32ad1f41eab3a0cd55f7213b74124140_JC.exe
.dll regsvr32 windows:4 windows x86

d9e1fd00622e867c5239b7112c39296e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipAlloc

kernel32

GetStringTypeExW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
LoadLibraryW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileTime
GetVersionExA
lstrcmpW
LoadLibraryA
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalFlags
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
lstrcmpiA
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
ExitProcess
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
ExitThread
CreateThread
lstrlenA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcmpA
GetVersion
SetErrorMode
GetProcAddress
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
SetLastError
GlobalFree
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
FileTimeToDosDateTime
FileTimeToSystemTime
SetFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
WideCharToMultiByte
GetFileAttributesExW
CopyFileW
MoveFileW
CreateFileW
WriteFile
CloseHandle
GetFileSize
ReadFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrcatW
lstrcpynW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrcpyW
lstrlenW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CreateDirectoryW
GetModuleFileNameW
GetShortPathNameW
SystemTimeToFileTime
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize

user32

GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ClientToScreen
GetDesktopWindow
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
ScrollWindow
BeginPaint
TrackPopupMenu
SetScrollRange
UnregisterClassA
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
PostMessageW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
SetWindowPlacement
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
wsprintfW
CharUpperW
GetWindowTextLengthW
GetWindowTextW
MessageBoxW
GetParent
EndPaint
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
PostQuitMessage
SetCursor
ShowOwnedPopups
GetWindowLongW
GetLastActivePopup
DeleteMenu
GetDialogBaseUnits
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
TrackPopupMenuEx
DestroyIcon
IsWindowEnabled
EnableWindow
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
UnregisterClassW
CharNextW
GetDlgCtrlID
GetScrollRange

gdi32

CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
SetRectRgn
CombineRgn
GetMapMode
PatBlt
SetWindowOrgEx
DPtoLP
GetTextMetricsW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
SetWindowExtEx
CreateRectRgnIndirect
DeleteObject
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
OffsetWindowOrgEx

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
RegSetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord47
ShellExecuteW
SHGetFileInfoW
ExtractIconW
ord155

comctl32

ord17

shlwapi

PathAppendW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveExtensionW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
CLSIDFromString
CoTaskMemFree

oleaut32

VarBstrCat
SysReAllocStringLen
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
VariantClear
SysStringLen
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VariantInit
VarBstrCmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 536KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e1fd00622e867c5239b7112c39296e

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 536KB - Virtual size: 533KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 16KB - Virtual size: 29KB

.idata Size: 16KB - Virtual size: 14KB

.didat Size: 4KB - Virtual size: 793B

.rsrc Size: 112KB - Virtual size: 110KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 536KB - Virtual size: 533KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 16KB - Virtual size: 29KB

.idata
Size: 16KB - Virtual size: 14KB

.didat
Size: 4KB - Virtual size: 793B

.rsrc
Size: 112KB - Virtual size: 110KB

.reloc
Size: 28KB - Virtual size: 26KB