NEAS[.]8c711af30be3991050d0d011d92cfbe0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8c711af30be3991050d0d011d92cfbe0_JC.exe
Size

49KB
MD5

8c711af30be3991050d0d011d92cfbe0
SHA1

90fdeb6ce826e5d709d9ba90876a0caa20aee0c8
SHA256

9c65a4ef1817d78d1524657755f45e1c7bc90bcddfdeb391840a65048d985b5f
SHA512

c23278dc6c8fe64251dc6ef14229ca0013e58a55f8e69d6f7d05566ed474c3c7d6ade3be42957f8e6f26c57cca446739bea058f58a62ac1c5e90344a52396653
SSDEEP

768:GuqVbJ2wVirq1wwxiq97i4bHt0522zkQgNWXS6izX9kDyEIaXAbK:GuqtJlVirqBxRbN+S6izX9UVwO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8c711af30be3991050d0d011d92cfbe0_JC.exe

Files

NEAS.8c711af30be3991050d0d011d92cfbe0_JC.exe
.dll windows:6 windows x64

e45e2b37bdd893ee31d20c8bb236a957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnwprintf
strchr
memcpy
__C_specific_handler
_amsg_exit
free
_vscwprintf
memset
_initterm
malloc
_XcptFilter
_wcsicmp
??2@YAPEAX_K@Z
wcschr
??3@YAXPEAX@Z

spp

SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak

kernel32

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetTickCount
GetLastError
IsWow64Process
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
QueryPerformanceCounter
Sleep
GetSystemTimeAsFileTime
LocalFree
SetLastError
MultiByteToWideChar
GetCommandLineW
GetModuleFileNameW
DisableThreadLibraryCalls
RtlCaptureContext

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
EtwTraceMessage
RtlNtStatusToDosError
RtlGetLastNtStatus
RtlSetThreadErrorMode

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW

Exports

Exports

DisableSR
DisableSRInternal
EnableSR
EnableSREx
EnableSRInternal
SRNewSystemId
SRRemoveRestorePoint
SRSetRestorePointA
SRSetRestorePointInternal
SRSetRestorePointW
SetSRStateAfterSetup

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e45e2b37bdd893ee31d20c8bb236a957

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

spp

kernel32

ntdll

ole32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 72B