NEAS[.]17a9a0c702531c81663c13176216b7a0_JC[.]cab

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.17a9a0c702531c81663c13176216b7a0_JC.cab
Size

2.8MB
MD5

17a9a0c702531c81663c13176216b7a0
SHA1

224e5d7c48c46ffa939481ec66e1ac61297c2241
SHA256

a26ca3fd670d10133d9c588a40de9baac0713f872393a2b776331349601a6f60
SHA512

c2d03e2d4f15eac0b67a139efd709c181ee69da90d7c0240d772fcc588b67c9d2a64a70c59e177a012a19cb0608262fd12ff1645a136218f82836a413dce9428
SSDEEP

49152:A1uIHzItIGOHUhsdimb4aDKnES6fG/UEHcKCZXpnZD50pdOzPVTANKLcU5mpfg5:auITG2WYrJoL/UscHnZ9zVTAsI45

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/libcef.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/libcef.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/libcef.dll
unpack002/out.upx
unpack001/svchost.exe

Files

NEAS.17a9a0c702531c81663c13176216b7a0_JC.cab
.cab
libcef.dll
.dll windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

cef_add_cross_origin_whitelist_entry
cef_add_web_plugin_directory
cef_add_web_plugin_path
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_build_revision
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_blocking_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_force_web_plugin_shutdown
cef_format_url_for_security_display
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_csscolor
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_remove_web_plugin_path
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_list_alloc
cef_string_list_append
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_utf8_to_utf16
cef_string_wide_set
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_time_delta
cef_time_now
cef_time_to_timet
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_array_buffer
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_visit_web_plugin_info
cef_window_create_top_level
cef_write_json
cef_zip_directory
cef_zip_reader_create
create_context_shared

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svchost.exe
.exe windows:5 windows x86

8eac9f4421dacee9fe93600357324ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcef

cef_string_multimap_alloc
cef_string_multimap_free
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_string_utf16_cmp
cef_log
cef_api_hash
cef_string_map_free
cef_enable_highdpi_support
cef_shutdown
cef_initialize
cef_execute_process
cef_string_userfree_utf16_free
cef_string_utf16_set
cef_browser_host_create_browser
cef_string_list_free
cef_string_list_alloc
cef_string_map_alloc
cef_string_list_copy
cef_string_ascii_to_utf16
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_string_utf8_clear

kernel32

WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
OutputDebugStringW
GetModuleHandleA
GetLastError
SetLastError
FormatMessageA
GetConsoleCP
LoadLibraryExW
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
GetProcessHeap
GetCurrentThreadId
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
GetCPInfo
HeapReAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
GetStringTypeW
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
CreateNamedPipeA
CreateFileA
DisconnectNamedPipe
ConnectNamedPipe
CloseHandle
FlushFileBuffers
ReadFile
WriteFile
Sleep
GetOverlappedResult
CreateFileW

user32

GetKeyState
RegisterClassExA
CreateWindowExA
DefWindowProcA

ole32

CoCreateGuid

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 3.1MB

UPX1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 254KB - Virtual size: 256KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 384KB - Virtual size: 384KB

.data Size: 1.5MB - Virtual size: 1.6MB

.rsrc Size: 247KB - Virtual size: 247KB

.reloc Size: 575KB - Virtual size: 574KB

8eac9f4421dacee9fe93600357324ec8

Headers

DLL Characteristics

File Characteristics

Imports

libcef

kernel32

user32

ole32

Sections

.text Size: 198KB - Virtual size: 197KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 3.1MB

UPX1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 254KB - Virtual size: 256KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 384KB - Virtual size: 384KB

.data
Size: 1.5MB - Virtual size: 1.6MB

.rsrc
Size: 247KB - Virtual size: 247KB

.reloc
Size: 575KB - Virtual size: 574KB

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB