NEAS[.]d57a921d0d09bdee827498ec5e2165d0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d57a921d0d09bdee827498ec5e2165d0_JC.exe
Size

141KB
MD5

d57a921d0d09bdee827498ec5e2165d0
SHA1

2083a9295f6909dd8f4c0b5d012c485e4504101a
SHA256

e1a74e2b2aa996175c961a334fa484c87a7395dfbbd428da3b08242cd5d97636
SHA512

e77f90ae012e3f099312391cb756bd5fdb7b68e11dbed6234b8c9e9642317026a83c73805b7bc3587b064067158a3245442e5a6b3f85dfba4814706c5bcef5b1
SSDEEP

3072:smySDoKEPxdBLwv8HU2M/XaB/g0Rn3P9OwHukIMVjjxeVhrBsePI6:no/dxwv73X8LF/wbSCBsm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d57a921d0d09bdee827498ec5e2165d0_JC.exe

Files

NEAS.d57a921d0d09bdee827498ec5e2165d0_JC.exe
.exe windows:4 windows x64

ca085cac42e9209b4af26a48e4fc9a84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcr80

_commode
_fmode
_encode_pointer
__set_app_type
__setusermatherr
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_configthreadlocale
_initterm_e
_initterm
__initenv
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
exit
fprintf
isspace
__iob_func
fputs
fflush
strftime
strpbrk
memcmp
fwrite
_errno
strrchr
isdigit
strchr
memcpy
atoi
strncmp
_time64
memset
__crt_debugger_hook
strstr

ws2_32

gethostname

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
SetErrorMode
SetProcessShutdownParameters
GetSystemDirectoryA
GetModuleHandleA
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualAlloc
GetCurrentProcessId
CreateEventA
VirtualProtect
GetCurrentThread
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetCurrentThreadId
SetEvent
Sleep
WaitForSingleObject
CreateFileA
CloseHandle
GetLastError
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter

storpds

pdsSleep
pdsFreeF
pdsRpcInit
pdsMallocF
pdsRpcDestroy
pdsSetPreference
pdsMutexUnlock
pdsStrcpy_cf
pdsMutexLock
pdsIpcConnRelease
pdsStrFree
pdsLdbCommit
pdsSprintf
pdsStrInit
pdsLdbInsert
pdsSprintf_cf
pdsIpcConnConfig
pdsIpcClientConnInit
pdsGetProcInfo
pdsThrdPoolAddJob
pdsLdbUpdateRec
pdsLdbFetchRec
pdsLdbSelect
pdsLdbDeleteRecs
pdsSprintfA
pdsDaemonGetOption
pdsThrdPoolDestroy
pdsStrcat
pdsRpcFinishMsg
pdsRpcAddFault
pdsRpcStartMsg
pdsRpcParseCallMsg2
pdsDlsupLookup
pdsDlsupLoad
pdsStrtoken
pdsStrcmpNC
pdsStrcat_cf
pdsRpcAddFieldStr
pdsRpcAddFieldUInt
pdsMemRegistrySet
pdsStrtok_c
pdsStrcpy
pdsLdbClose
pdsLdbLookupRec
pdsStrToUInt
pdsUname
pdsDeferProcCall
pdsUtilBytesToB64
pdsCryptRandBytes
pdsLdbOpen
pdsLdbDeleteTbl
pdsLdbCreateDb
pdsThrdPoolCreate
pdsMutexInitRecF
pdsMutexInitF
pdsGetenv2
pdsCopyStringF
pdsMemRegistryGet
pdsSleepMS
pdsCntrAccess
pdsCntrWait
pdsCntrInsert
pdsThrdCallOnce
pdsStrToUInt2
pdsStrToUInt64
pdsStrtolower_c
pdsStrncmpNC
pdsStrtrim
pdsStrlen
pdsThrdCreate
pdsCntrInit3F
pdsCritSectInit
pdsStrtrunc
pdsFileGetPathComp
pdsErrorToString
pdsMemUnmap
pdsMemMap
pdsFileRename
pdsFileDelete
pdsFileClose
pdsFileUnlock
pdsFclose
pdsNanosecToStringF
pdsClockGetTime2
pdsFopen
pdsFileGetInfoH
pdsFileLock
pdsFileOpen
pdsFileAccess
pdsUname2
pdsFileListDirCB
pdsFileGetInstallDir
pdsDaemonOverrideOption
pdsSockGetAddrs
pdsSockSocket
pdsCritSectUnlock
pdsAppLogDestroy
pdsCritSectLock
pdsAppLogSetPreference
pdsAppLogCreate
pdsStrunescape_c
pdsGMtime
pdsLocaltime
pdsGetTime
pdsAppLogWrite
pdsSockSendTo
pdsMutexTryLock
pdsRpcParseStruct
pdsRpcAllocMemoryH
pdsStrToInt
pdsCntrFind
pdsMemPoolSetMaxFreeListSize
pdsMemPoolGetInfo
pdsVSprintf
pdsVSprintfA
pdsMemPoolAlloc
pdsMemPoolFree
pdsIpcSendMsg
pdsRpcAddStruct
pdsRpcAddFieldInt
pdsRpcAddFieldUInt64
pdsIpcSendAuthMsg
pdsDaemonStart
pdsDaemonIsRunning
pdsRpcParseReplyMsg2
pdsIpcFreeMsgMemory
pdsIpcRecvMsg
pdsCondSignal
pdsCntrForEach
pdsCondWait
pdsMemPoolCreateF
pdsCondInitF
pdsGetPid
pdsUtilRandBytes
pdsRand
pdsIpcGetPeerName
pdsIpcServerConnAccept2
pdsSockSelect
pdsSockGetPort
pdsIpcExtractSock
pdsIpcServerConnInit
pdsGetProcPid
pdsUserTraceMsgF
pdsVSprintf_cf
pdsThrdGetContext
pdsThrdGetNumID
pdsThrdGetName
pdsGetStatistic
pdsGetenv
pdsTimingStart
pdsThrdRetrieveStkData
pdsDaemonSetState
pdsTimingRecord
pdsGetPreference
pdsAtomicAddInt
pdsIsCallerPrivileged
pdsStrtoupper
pdsFileReadData
pdsFileSetAltDirectory
pdsThrdPoolState
pdsGetMemoryUse
pdsPrintMemoryUse3
pdsTimingGet
pdsStrreplace
pdsDaemonCheckUserAuth
pdsDaemonUnAdvertise
pdsDaemonEnbWatchdog
pdsDaemonAdvertise
pdsFileRunningOnSP
pdsGetBuildType
pdsThrdSetName
pdsDaemonRun
pdsCryptoFIPSChgStatus
pdsLibInit
pdsSetLibDirectory

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca085cac42e9209b4af26a48e4fc9a84

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

ws2_32

kernel32

storpds

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB