NEAS[.]e49438f0fa6cac805923b4cb4dfd0060_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e49438f0fa6cac805923b4cb4dfd0060_JC.exe
Size

289KB
MD5

e49438f0fa6cac805923b4cb4dfd0060
SHA1

bc431dbb6846279c2aecacd48ad65ef38b469f7e
SHA256

7ec907098bfc7ea5ecd3502d202d2dcd4a9f2e90f833edb3453ea70bdf093ce2
SHA512

7777a1893d55bd81869ed4bf8ef01f467659c0814142ae06bec37848b84196bfed5fe1eb12684732758625be86428387731bbebde79fd794c17f199b4a12edc8
SSDEEP

6144:i0+G/9BOWBMExCTQonaVYFkDnEQytTRSW6gxjn3K17KfeK:FbtxwaVqkDnEQGTR9fK17I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e49438f0fa6cac805923b4cb4dfd0060_JC.exe

Files

NEAS.e49438f0fa6cac805923b4cb4dfd0060_JC.exe
.dll regsvr32 windows:4 windows x86

81226ded43c54853e9d0eb4a6ebf2ea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CreateFileA
lstrlenW
lstrcmpiA
lstrlenA
GetACP
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
LockResource
GlobalAlloc
LocalFree
GetLocaleInfoA
GetVersionExA
GetProcAddress
LocalAlloc
GetThreadLocale
VirtualProtect
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
CloseHandle
GetModuleFileNameA
LoadLibraryW
GetLastError
WideCharToMultiByte
GetTempFileNameA
GetTempPathA
HeapFree
HeapAlloc
Sleep
FindResourceExA
MultiByteToWideChar
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

user32

UnregisterClassA
CharNextA
LoadStringA

advapi32

RegQueryValueExW
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateInstance
CoUninitialize

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString

mfc80

ord1209
ord1177
ord1175
ord1201
ord1120
ord1167
ord371
ord764
ord1187
ord1185
ord1191
ord1084
ord578
ord1489
ord299
ord6703
ord266
ord631
ord2751
ord2748
ord2288
ord2280
ord300
ord386
ord784
ord304
ord6754
ord3683
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord757
ord3830
ord1049
ord314
ord2248
ord1917
ord265
ord762
ord1031
ord3514
ord1098
ord1208
ord1206
ord1092
ord1037
ord315
ord765
ord581

msvcr80

wcsstr
_mbsnbcpy_s
memcpy_s
strcpy_s
wcsncpy_s
strcat_s
wcschr
wcsrchr
memcpy
_ismbcspace
vswprintf_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_except_handler4_common
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
_resetstkoflw
_recalloc
__CxxFrameHandler3
_vsnwprintf
wcscpy_s
free
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81226ded43c54853e9d0eb4a6ebf2ea5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

mfc80

msvcr80

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 228KB - Virtual size: 228KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 228KB - Virtual size: 228KB