NEAS[.]e87c959f5685996e2aa63e7a351b6ea0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e87c959f5685996e2aa63e7a351b6ea0_JC.exe
Size

439KB
MD5

e87c959f5685996e2aa63e7a351b6ea0
SHA1

6a5aeb962fcfaf9ea9096b70ebd47419d451717f
SHA256

78abef69f4cfc055a4e739ee45471fa21cbac08ade4be04166dceec4726d120f
SHA512

b2c81573268f0640ea90ff7968197a72d8ba7040d8499a1b79d2a73860874c7c3e7d3b36667da59d48495c85e6fddc989d28939e2ffa6c09fb4c348205fb5bec
SSDEEP

6144:xNy6C9R4/HcCrp9AbehLQq2UM7Je4kv0HO883Si5/0x:ZH5hLR2UM7A4S0S3S0/0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e87c959f5685996e2aa63e7a351b6ea0_JC.exe

Files

NEAS.e87c959f5685996e2aa63e7a351b6ea0_JC.exe
.exe windows:5 windows x86

76506ee3413225d254fb2c46479e269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
GetVolumeInformationA
Sleep
GetEnvironmentVariableA
CreateDirectoryA
SetCurrentDirectoryA
GetLogicalDriveStringsA
GetLastError
SetFileAttributesA
GetCurrentDirectoryA
SetErrorMode
CreateThread
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleFileNameA
ExitProcess
LoadLibraryA
CloseHandle
VirtualProtect
WriteFile
SetFilePointer
WinExec
CreateFileA
SetEndOfFile
CreateFileW
GetStringTypeW
FlushFileBuffers
LCMapStringW
SetStdHandle
HeapAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapValidate
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
ReadConsoleW
SetLastError
GetCurrentThreadId
GetStdHandle
DeleteCriticalSection
SetFilePointerEx
GetFileType
GetStartupInfoW
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetConsoleCP
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
FreeLibrary
HeapFree
VirtualQuery

user32

EnumWindows
GetClassNameA

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorDacl

shell32

ShellExecuteA
SHFileOperationA

ws2_32

recv
socket
closesocket
gethostbyname
send
connect
WSACleanup
htons
inet_addr
WSAStartup
__WSAFDIsSet
select
ioctlsocket
getpeername
recvfrom
sendto
WSAGetLastError
getaddrinfo
freeaddrinfo
inet_ntoa

winmm

timeGetTime

Sections

.text
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76506ee3413225d254fb2c46479e269b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

winmm

Sections

.text Size: 354KB - Virtual size: 353KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 113KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 354KB - Virtual size: 353KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 113KB

.rsrc
Size: 512B - Virtual size: 480B