NEAS[.]02b517d574400e6a7159548b2c811020_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.02b517d574400e6a7159548b2c811020_JC.exe
Size

748KB
MD5

02b517d574400e6a7159548b2c811020
SHA1

8a27ec67433d148866c17cf82dd22db5b64fdc57
SHA256

55f6864e65d7549f8d8d2a721e4594e0ecfee60bdedad34b4e9e459068a4ac1c
SHA512

649b9a77e92c7a1158a7ee263fb54dcf2a1e2a857f2e08dfa74da74202cda58f8efcccc5993c2ab29c77f4b8d08fc9c12ff9be00687ec08dfa82fb66e6258513
SSDEEP

12288:6FCmPJ0EF0XXiAKKGPOgQr8pIwRpcvqgXyEh4+4MQmkA1wugMm59ZPXd4BzMTpuz:6Vj8yOgQr8pIwcvZ9h4+gkwugMm59ZFI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.02b517d574400e6a7159548b2c811020_JC.exe

Files

NEAS.02b517d574400e6a7159548b2c811020_JC.exe
.exe windows:4 windows x86

61affb4114b87a7ba8d5bd486242dc38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow
DispatchMessageA
CreateWindowExA
SendMessageA
DefWindowProcA
ReplyMessage
PeekMessageA
FindWindowA
MessageBoxA
GetWindowLongA
RegisterClassExA
SetWindowLongA

ws2_32

gethostname
gethostbyname
getsockname
select
getpeername
recvfrom
recv
send
sendto
accept
connect
WSAIoctl
WSAStartup
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSAResetEvent
WSARecvFrom
WSARecv
WSASetEvent
WSACloseEvent
shutdown
closesocket
socket
ioctlsocket
setsockopt
WSACreateEvent
WSAGetLastError
WSACleanup
inet_addr
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
bind
WSASetLastError

netapi32

Netbios

advapi32

RegCreateKeyExA
RegQueryValueExA

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

_controlfp_s
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
strchr
atoi
strcmp
strlen
printf
??2@YAPAXI@Z
_time64
exit
memcpy
fabs
memset
fclose
_localtime64
fflush
fputs
fseek
free
malloc
sprintf_s
memmove
asctime
vfprintf
fprintf
vprintf
_ctime64
fread
ftell
fopen
_exit
getenv
__iob_func
_CIsqrt
strrchr
_fullpath
toupper
tolower
isdigit
sscanf
strncmp
_stat64i32
vsprintf
_vsnprintf
fwrite
_snprintf
strstr
strncpy
sprintf
strtok
_gmtime64
_mkgmtime64
atof
ceil
strpbrk
isprint
_difftime64
_mktime64
??_V@YAXPAX@Z
isspace
strtoul
strtol
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_stricmp
strncpy_s
memcpy_s
vsprintf_s
_vscprintf
_itoa_s
strcpy_s
calloc
strcat_s
rand
memmove_s
_strnicmp
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexW
CreateEventA
CreateThread
SetThreadPriority
LeaveCriticalSection
GetCurrentThreadId
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
CreateDirectoryA
CopyFileA
DeleteFileA
CompareFileTime
GetCurrentDirectoryA
IsDebuggerPresent
FindNextFileA
SetErrorMode
GetDiskFreeSpaceExA
GetDriveTypeA
CreateFileA
GetSystemTimeAsFileTime
SetFileTime
GetSystemTime
SystemTimeToFileTime
FindFirstFileA
FindClose
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateProcessA
GetLastError
IsBadReadPtr
GetComputerNameA
GetLocalTime
OutputDebugStringA
CloseHandle
CreateMutexA
ReleaseMutex
WaitForSingleObject
GetTickCount
Sleep
GetCurrentProcessId
SetCurrentDirectoryA

Exports

Exports

PB_SendUdpPacket

Sections

.text
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61affb4114b87a7ba8d5bd486242dc38

Headers

File Characteristics

Imports

user32

ws2_32

netapi32

advapi32

msvcp80

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 565KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 60KB - Virtual size: 57KB

.text
Size: 568KB - Virtual size: 565KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 60KB - Virtual size: 57KB