NEAS[.]7bda0298e959406507d119b1710ac520_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7bda0298e959406507d119b1710ac520_JC.exe
Size

648KB
MD5

7bda0298e959406507d119b1710ac520
SHA1

ca3075d206354debec60f0ea9c4491b5da5315a9
SHA256

6d8ab9fd0eab14a48586b9f39456b801cc298f085342f4249456d6f60a7cbbe1
SHA512

935a837f8a509bd55e90cc76713431a850295a4294514b2629c02a65920461ead730b8353d1548fc8b69d8d3597e8c8b5410e03cc4147e882c2603d8d41e440b
SSDEEP

12288:ePUiZB6yj2CVY0gocBdMhcJY9OhC/swUxqCkh2M1O36mag3/80:ePUiv6yj2iY0gocB3JY9mp5kh2M1O36r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7bda0298e959406507d119b1710ac520_JC.exe

Files

NEAS.7bda0298e959406507d119b1710ac520_JC.exe
.exe windows:4 windows x86

6f363869bd73d8239a6dc2feb1027bd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
htons
inet_addr
sendto
WSAGetLastError
closesocket
WSACancelBlockingCall
WSACleanup
WSAStartup

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetACP
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
GetCPInfo
LCMapStringW
Sleep
GetCurrentProcess
GetLastError
GetCurrentDirectoryA
CreateEventA
CloseHandle
SetEvent
GetSystemTimeAsFileTime
WaitForSingleObject
GetModuleFileNameA
CreateFileA
CreateDirectoryA
FormatMessageA
GetTickCount
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
DeleteCriticalSection
LockFileEx
InterlockedIncrement
InitializeCriticalSection
GetTempPathA
GetTempPathW
CreateFileW
GetFullPathNameA
GetFullPathNameW
LocalFree
GetStartupInfoA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CompareStringA
CompareStringW
GetProcessHeap
InterlockedDecrement
InterlockedExchange
ReleaseMutex
TlsAlloc
CreateMutexA
TlsGetValue
TlsSetValue
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
RtlUnwind
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapReAlloc
LCMapStringA

advapi32

OpenSCManagerA
ReportEventA
RegisterEventSourceA
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeregisterEventSource
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
SetServiceStatus

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f363869bd73d8239a6dc2feb1027bd3

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

Sections

.text Size: 548KB - Virtual size: 544KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 16KB - Virtual size: 24KB

.tls Size: 4KB - Virtual size: 2B

.text
Size: 548KB - Virtual size: 544KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 16KB - Virtual size: 24KB

.tls
Size: 4KB - Virtual size: 2B