NEAS[.]79850480743f6c464dd9fe168e21c070_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.79850480743f6c464dd9fe168e21c070_JC.exe
Size

7.0MB
MD5

79850480743f6c464dd9fe168e21c070
SHA1

d33cb7ee149879ad9b6704021eb2d857d5178101
SHA256

39abf5acf818b21498ce477a07f5ba04b7ee72bf19897951de7d05c8fd488c2b
SHA512

44ef1950229a8de9ec19ade4c85a4aa37e7af9ef65e9cbfd35b9e186ef69b1b46f61a4515d30ba59a0ec38fba7000a66b1fe79cedb0a62f05d638babfdea5137
SSDEEP

196608:eLs0LgnOsDCcDrZR6s0vq81BL2+FZ99etlYW:eLJmDBXZR6Pby4QYW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.79850480743f6c464dd9fe168e21c070_JC.exe

Files

NEAS.79850480743f6c464dd9fe168e21c070_JC.exe
.dll windows:6 windows x64

2a76b73771cb52a355a5da6aafe8f494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
TerminateThread
QueryPerformanceFrequency
GetThreadPriority
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
LocalFree
ReplaceFileW
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
ResetEvent
GetPriorityClass
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
GetStdHandle
ReadConsoleW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
InitializeSListHead
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException
RtlPcToFileHeader
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SetEvent
OutputDebugStringW
GetFileAttributesExW
GetLastError
FormatMessageW
GetFileInformationByHandle
Sleep
CreateEventW
GetLogicalDriveStringsW
DisconnectNamedPipe
GetModuleHandleA
UnmapViewOfFile
ResumeThread
GetComputerNameExW
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileW
CancelIo
GetVolumeInformationW
ReadFile
GetSystemFirmwareTable
SetThreadAffinityMask
CreateDirectoryW
IsDebuggerPresent
WideCharToMultiByte
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
TryEnterCriticalSection
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
InvalidateRect
UpdateLayeredWindow
GetClientRect
SetWindowLongW
SetCursor
ToUnicode
SetClipboardData
ReleaseCapture
DrawIconEx
SetWindowsHookExW
SetCapture
DestroyCaret
LoadCursorW
LoadIconW
GetClipboardData
BringWindowToTop
SetLayeredWindowAttributes
GetMessageTime
UnhookWindowsHookEx
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
SetCursorPos
IsWindow
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
WindowFromPoint
MessageBeep
SetWindowTextW
EndDialog
CallNextHookEx
SendMessageW
GetIconInfo
EnumDisplayMonitors
EnumChildWindows
MonitorFromWindow
MessageBoxW
SetWindowPos
IsWindowVisible
AttachThreadInput
GetWindowThreadProcessId
ReleaseDC
GetDC
GetWindowTextW
TranslateMessage
SendNotifyMessageW
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
GetAncestor
GetCursorPos
BeginPaint
EndPaint
UnregisterClassW
SendInput
GetMessageW
DefWindowProcW
PostMessageW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowRect
GetAsyncKeyState
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateFontIndirectW
CreateDIBSection
SetMapMode
RemoveFontMemResourceEx
ChoosePixelFormat
SwapBuffers
SetPixelFormat
SaveDC
DeleteObject
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
GetOutlineTextMetricsW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetNamedSecurityInfoW
MapGenericMask
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA
RegCloseKey
AccessCheck
DuplicateToken
OpenProcessToken
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
SHCreateShellItem
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHParseDisplayName
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetKnownFolderPath

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
DoDragDrop
RegisterDragDrop
CoInitializeEx
RevokeDragDrop
PropVariantClear
CLSIDFromString
CoGetApartmentType
CoGetObjectContext

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

wininet

HttpQueryInfoW
InternetSetFilePointer
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetWriteFile
InternetOpenW
HttpOpenRequestW
FtpOpenFileW

ws2_32

__WSAFDIsSet
accept
bind
closesocket
select
WSAStartup
inet_addr
send
inet_ntoa
recv
getsockopt
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
htonl
getaddrinfo

shlwapi

PathStripToRootW

winmm

midiInGetNumDevs
midiOutGetNumDevs
midiInAddBuffer
midiOutLongMsg
midiInStart
midiInGetDevCapsW
midiOutUnprepareHeader
midiInPrepareHeader
midiInReset
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInMessage
midiInStop
timeBeginPeriod
timeGetTime
midiOutClose
midiOutShortMsg
midiInClose
midiOutMessage

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmNotifyIME
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

dxgi

CreateDXGIFactory

opengl32

glPixelMapusv
glTexCoord3i
glLightModeli
glGetString
glTexCoord4s
glTexSubImage2D
glLighti
glEvalCoord1dv
glTexCoord4d
glOrtho
glDepthFunc
glPixelStorei
glColor4usv
glGetLightiv
glShadeModel
glTexCoord1fv
glPrioritizeTextures
glCopyTexImage2D
glNormalPointer
glColor4iv
glEvalCoord1fv
glRasterPos3iv
glDrawBuffer
glVertex3iv
glTexCoord2i
glGetPixelMapfv
glTexCoord1d
glGetFloatv
glRasterPos4dv
glIndexsv
glDeleteLists
wglMakeCurrent
glTexEnviv
glMaterialfv
glFogiv
glTexCoord1iv
glAreTexturesResident
glPushMatrix
glIsTexture
glPopName
glLightfv
glDisable
glEvalMesh2
glMultMatrixf
glGetTexGendv
glRasterPos4i
glColor4f
glClearDepth
glIndexs
glGetError
glRectf
glDrawElements
glGetTexParameteriv
glGetTexImage
glVertex2d
glTexCoord1s
glCopyTexImage1D
glGetClipPlane
glScaled
glColor3d
glListBase
glTexEnvi
glColorMaterial
glColor3ubv
glColorPointer
glColor4ub
glTexCoord1i
glColor3bv
glVertex3d
glFlush
glRasterPos3dv
glNormal3s
glBitmap
glFogi
glRasterPos3d
glClearIndex
glRasterPos2i
glIsEnabled
glRasterPos4d
glRotatef
glRasterPos2sv
glArrayElement
glPixelTransferf
glColor4b
glRasterPos2f
glColor3us
glGetPixelMapusv
glIndexMask
glTexCoord4i
glTexParameteriv
glFeedbackBuffer
glEvalMesh1
glPixelMapuiv
glVertex2f
glTexImage2D
glGetMaterialfv
glRectdv
glTranslatef
glPushName
glTexParameterf
glLightiv
glPushAttrib
glGetIntegerv
glPolygonStipple
glClearStencil
glLogicOp
glScalef
glLightf
glEvalCoord2d
glGetDoublev
glTexGeni
glTexCoord3d
glPointSize
glColor3fv
glNormal3fv
glGetTexParameterfv
glMaterialf
glClearAccum
glRects
glPopMatrix
glEvalCoord2fv
glColor4i
glLightModeliv
glViewport
glTexImage1D
glDepthRange
glEdgeFlagv
glEnableClientState
glVertex4dv
glRecti
glColor3dv
glStencilOp
glNormal3sv
glVertex4sv
glIndexiv
glTexCoord3fv
glRasterPos3s
glInterleavedArrays
glClear
glEvalPoint2
glColor3uiv
glColor3ui
glIndexd
glVertex3i
glColor3s
glVertex2dv
glCopyPixels
glTexCoord3s
glPolygonOffset
glVertex2iv
wglShareLists
glTexSubImage1D
glLoadMatrixd
glIsList
glTexCoord2iv
glTexEnvf
glStencilMask
glTexCoord4fv
glRasterPos3fv
glGetTexLevelParameterfv
glMap1f
glNewList
glPopAttrib
glNormal3bv
glPolygonMode
glRotated
glTexGenf
wglGetCurrentContext
glColor3usv
glNormal3b
glPixelTransferi
glRasterPos3f
glRectfv
glBindTexture
glGetPointerv
glGenTextures
glNormal3dv
glColor4d
glRasterPos4iv
glVertexPointer
glGetMapiv
glEnable
glVertex3f
glIndexubv
glTexCoord3iv
glCullFace
glDepthMask
glPopClientAttrib
glRasterPos2d
glMapGrid1f
glGetLightfv
glLoadMatrixf
glTexGend
glTexCoord2d
glVertex3sv
glMapGrid2d
glEnd
glVertex4f
glPassThrough
glColor4s
glEdgeFlagPointer
glMaterialiv
glColor4ui
glVertex4d
glScissor
glFogf
glTexParameterfv
glTexCoord2dv
glSelectBuffer
glRasterPos3sv
glAccum
glGetMapfv
glTexCoord4dv
glTexCoord3sv
glCallList
glFogfv
glVertex2sv
glFrustum
glVertex3s
glCopyTexSubImage2D
glColor4bv
glRasterPos2dv
glTexCoord2f
glColor4uiv
glGetTexLevelParameteriv
glVertex4iv
glEvalPoint1
glDisableClientState
glGetTexGeniv
glColor4dv
glMateriali
glCopyTexSubImage1D
glRasterPos2iv
glGenLists
glMatrixMode
glTexCoord1f
glMapGrid1d
glTexCoord2fv
glEvalCoord2f
glTexGenfv
glTranslated
glVertex4fv
glRasterPos3i
glVertex3dv
glRasterPos4sv
glDrawPixels
glCallLists
glFrontFace
glIndexub
glTexGendv
glVertex2fv
glEvalCoord2dv
glTexCoord4iv
glLineWidth
glColor4sv
glColor3f
glNormal3f
glIndexfv
glRasterPos4s
glStencilFunc
glColor3i
glLineStipple
glTexCoord2sv
glBlendFunc
glReadPixels
wglCreateContext
glColorMask
glTexCoord4sv
glMap1d
glTexCoord3dv
glInitNames
glMapGrid2f
glRasterPos4f
glGetMaterialiv
glIndexdv
glLoadIdentity
glColor3iv
glEdgeFlag
glRasterPos4fv
glRasterPos2s
glMultMatrixd
glEndList
glIndexPointer
wglGetProcAddress
glVertex3fv
glLoadName
glTexGeniv
glLightModelf
glRectiv
glPixelMapfv
glTexParameteri
glNormal3iv
glTexEnvfv
glVertex4s
glRenderMode
glFinish
glEvalCoord1d
glMap2f
glColor4ubv
glColor4fv
glDeleteTextures
glGetPolygonStipple
glGetTexEnvfv
glTexCoord2s
glTexCoord4f
glRectd
glVertex4i
glTexCoord3f
glPushClientAttrib
glHint
glReadBuffer
glTexCoord1sv
glAlphaFunc
glBegin
glRectsv
glTexCoordPointer
glColor3sv
glClipPlane
glIndexf
glIndexi
glPixelStoref
glPixelZoom
glNormal3d
glVertex2s
glGetTexEnviv
glClearColor
glLightModelfv
glVertex2i
glGetMapdv
glRasterPos2fv
glColor3ub
glGetBooleanv
glTexCoord1dv
glMap2d
glDrawArrays
glColor3b
wglDeleteContext
glNormal3i
glGetPixelMapuiv
glColor4us
glGetTexGenfv
glEvalCoord1f

Exports

Exports

ExitDll
GetPluginFactory
InitDll

Sections

.text
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lies0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lies1
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a76b73771cb52a355a5da6aafe8f494

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

shlwapi

winmm

imm32

dxgi

opengl32

Exports

Exports

Sections

.text Size: - Virtual size: 5.5MB

.rdata Size: - Virtual size: 3.6MB

.data Size: - Virtual size: 261KB

.pdata Size: - Virtual size: 244KB

_RDATA Size: - Virtual size: 348B

.lies0 Size: - Virtual size: 1.8MB

.lies1 Size: 6.9MB - Virtual size: 6.9MB

.reloc Size: 512B - Virtual size: 252B

.rsrc Size: 60KB - Virtual size: 60KB

.text
Size: - Virtual size: 5.5MB

.rdata
Size: - Virtual size: 3.6MB

.data
Size: - Virtual size: 261KB

.pdata
Size: - Virtual size: 244KB

_RDATA
Size: - Virtual size: 348B

.lies0
Size: - Virtual size: 1.8MB

.lies1
Size: 6.9MB - Virtual size: 6.9MB

.reloc
Size: 512B - Virtual size: 252B

.rsrc
Size: 60KB - Virtual size: 60KB