NEAS[.]02e68493c18a3d718b08eb7fe471fc10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.02e68493c18a3d718b08eb7fe471fc10.exe
Size

488KB
MD5

02e68493c18a3d718b08eb7fe471fc10
SHA1

5f642e057d4bff2a2dfd9ee016e4da63fa2bdc04
SHA256

fe6cb745c9e51a574e7530f38f7d996a33fc93984f8c372cf7003626df97ff8a
SHA512

5f49866735403e38f31236f268aad6e797f3f01b4cd6d9919d3bc9c919e182efd057b75d66ca7b630aca34376eb560744d86882e39d95872803abb3fcba94c6b
SSDEEP

6144:iFnC5Uomrfy9XcgnHxnIYVadUydWv6fEWtescQx1bFYZo0ixip56WlvK:i2UfLy9McLoe6MWtes3YYip5Nlv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.02e68493c18a3d718b08eb7fe471fc10.exe

Files

NEAS.02e68493c18a3d718b08eb7fe471fc10.exe
.dll windows:4 windows x86

7b39e878d981debf949c46198eb575a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
EnterCriticalSection
CreateFileA
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
FreeLibrary
DisableThreadLibraryCalls
LeaveCriticalSection
GetCurrentProcessId
VirtualAlloc
SetFilePointer
VirtualProtect

user32

GetWindowThreadProcessId
IsWindowVisible
IsWindow
GetTopWindow
CallNextHookEx
GetKeyState
RegisterClassExA
GetClassNameA
GetClassInfoExA
SetParent
SetWindowPos
OpenClipboard
SetClipboardData
GetWindow
SendDlgItemMessageA
wsprintfA
GetDlgItemTextA
SetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
EnableWindow
SetWindowTextA
ShowWindow
DestroyWindow
PostQuitMessage
GetWindowTextA
KillTimer
GetDlgItem
SendMessageA
GetWindowRect
CloseClipboard
MapWindowPoints
EmptyClipboard

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey

comctl32

ord17

msvcrt

free
strstr
atoi
_beginthread
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
_adjust_fdiv
_itoa
_initterm

ws2_32

send

shlwapi

PathRemoveFileSpecA

Exports

Exports

JGYNE

Sections

.JGYNET
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text0
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b39e878d981debf949c46198eb575a4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

msvcrt

ws2_32

shlwapi

Exports

Exports

Sections

.JGYNET Size: 224KB - Virtual size: 222KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.text0 Size: 56KB - Virtual size: 52KB

.text1 Size: 140KB - Virtual size: 139KB

.reloc Size: 52KB - Virtual size: 48KB

.JGYNET
Size: 224KB - Virtual size: 222KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text0
Size: 56KB - Virtual size: 52KB

.text1
Size: 140KB - Virtual size: 139KB

.reloc
Size: 52KB - Virtual size: 48KB