NEAS[.]0037cf9d0c10d221fa0a28ccc97e17a0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.0037cf9d0c10d221fa0a28ccc97e17a0_JC.exe
Size

104KB
MD5

0037cf9d0c10d221fa0a28ccc97e17a0
SHA1

6227590130c16d4c6122a334223c30fe80f175b0
SHA256

481f4556f2efaea7b6c7a585406b07c86dbc04130941b89f156f949adb598597
SHA512

a6ef5d759b685684b8e42c2c81cb35b015a80ef118b2422dd22dd63a41da0e5ec1f14ad7e44f6dade9f1e0abfa309e36f45474b289a2e982f11b832f42798b56
SSDEEP

1536:VHtqsdJOwwZqNsc75MyW+QIz8cLePTh/o8zeAx3PR0DIg3+Vj7:3gUssPW+zz8s0Vo8zeA1PR/g3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0037cf9d0c10d221fa0a28ccc97e17a0_JC.exe

Files

NEAS.0037cf9d0c10d221fa0a28ccc97e17a0_JC.exe
.exe windows:4 windows x86

6940d79a19c51a67ab8f5f64492e45f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
WritePrivateProfileStringA
DeleteFileA
GetSystemDirectoryA
GetComputerNameA
InterlockedDecrement
UnlockFile
WriteFile
LockFile
CreateFileA
CreateThread
WinExec
ReadFile
GetFileSize
GetLastError
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateEventA
Sleep
lstrcmpiA
SetFilePointer
GetPrivateProfileStringA
LoadLibraryA
DeleteCriticalSection
InterlockedIncrement
GetSystemInfo
HeapCreate
lstrlenW
MultiByteToWideChar
GetShortPathNameA
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
ExitProcess
HeapReAlloc
GetModuleHandleA
GetVersionExA
GetProcessHeap
GetProcAddress
HeapFree
CloseHandle
HeapAlloc
OpenProcess
lstrlenA
TerminateProcess
FreeLibrary
GetCurrentThreadId
GetCommandLineA
InitializeCriticalSection
GetModuleFileNameA
lstrcpyA
LocalFree
GetStringTypeA
IsBadCodePtr
GetStdHandle
IsBadReadPtr
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
HeapSize
RaiseException
RtlUnwind
IsBadWritePtr
GetLocalTime
GetStringTypeW

user32

GetMessageA
DispatchMessageA
PostThreadMessageA
CharNextA

advapi32

FreeSid
RegDeleteValueA
RegOpenKeyExA
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
OpenProcessToken
RegQueryInfoKeyA
AllocateAndInitializeSid
RegEnumValueA
EqualSid

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoResumeClassObjects
CoUninitialize
CoSuspendClassObjects

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear

wsock32

closesocket
WSAStartup
gethostbyname
socket
bind
listen
gethostname
inet_addr
shutdown
WSACleanup

mpr

WNetGetUserA

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pgicsiz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6940d79a19c51a67ab8f5f64492e45f4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wsock32

mpr

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 36KB - Virtual size: 36KB

pgicsiz Size: - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 36KB - Virtual size: 36KB

pgicsiz
Size: - Virtual size: 4KB