NEAS[.]8434454abfcc818cd4990989ceb1edb0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8434454abfcc818cd4990989ceb1edb0_JC.exe
Size

96KB
MD5

8434454abfcc818cd4990989ceb1edb0
SHA1

96dd394ac68fb881ea71844302521514c6e60f72
SHA256

b596d05ef7174fe36e04b7bf3ee578eec173a06e282a717e5841861966445ffc
SHA512

732b46ef01ce35c4525b055df6ed6907dcc106bdca16bc92aea99c4d849d436abba96a9f5ca0d556015e6f559df32819669004bb3552d78b1c882442f0f4b79d
SSDEEP

1536:wrqlmgeutrLtB4MIu2eetbIBPlMcUh0qjBkvXqYPaMB9hyQE2IDCJkia5N:oqlEVMQFhsXaMT4+IDCGia5N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8434454abfcc818cd4990989ceb1edb0_JC.exe

Files

NEAS.8434454abfcc818cd4990989ceb1edb0_JC.exe
.dll windows:10 windows x86

6dd7a91aa1a54f3205d270f9d4d38ae5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_wcsicmp
wcscpy_s
swprintf_s
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
wcstoul
memset

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-2

SetThreadToken
OpenThreadToken
TerminateProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlEqualSid

miutils

RCClass_AddMethod
Instance_SetElementArrayItem
XMLDOM_Parse
OSC_Type_GetSize
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddElementArray
RCClass_AddMethodParameterQualifierArray
XMLDOM_Free
Instance_IsDynamic
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddClassQualifierArray
MI_Hash
RCClass_AddMethodParameterQualifier
RCClass_AddMethodQualifierArray
RCClass_AddElement
RCClass_AddClassQualifierArrayItem
RCClass_AddClassQualifier
RCClass_AddMethodParameter
CimErrorFromErrorCode
RtlInitializeCachedFastLock
MiErrorCategoryFromWindowsError
RtlQueueAcquireCachedFastLockExclusive
Instance_New
_SubscriptionDeliveryOptions_Create@12
Config_GetRegString
RtlDeleteCachedFastLock
RtlInterlockedCompareWait
Class_New
RtlReleaseCachedFastLockExclusive
_DestinationOptions_Create@8
RtlInterlockedWakeAll
_OperationOptions_Create@12
Instance_InitDynamic
PublishDebugMessage
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_SubscriptionDeliveryOptions_MigrateOptions@8
_OperationOptions_MigrateOptions@8
_Options_FindValue@8
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlQueueAcquireCachedFastLockShared
OSC_StringToMiValue
RCClass_New
Instance_SetElementArray
RCClass_AddElementQualifier
RCClass_AddElementArrayItem
RCClass_AddElementQualifierArrayItem
RCClass_AddMethodQualifierArrayItem

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dd7a91aa1a54f3205d270f9d4d38ae5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-heap-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

ntdll

miutils

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 84KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB