NEAS[.]b364b754a945cc1f708ede136d5fe1b0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b364b754a945cc1f708ede136d5fe1b0_JC.exe
Size

2.0MB
MD5

b364b754a945cc1f708ede136d5fe1b0
SHA1

371193d48174725c4964ae253d53addd11b38093
SHA256

11564f9a4fcfdeec7da187ba45e29aecbc4cb2487ea037e6fe5b0ca5c6bfa989
SHA512

c630e9b0555e93cee488234b2a5b02c09fb7c1d9066ba67e7900cc404527e4475804f8d96ae965b19c97414020d2c9d41a9aff8ce32dc58fb4ad73e19feff0c3
SSDEEP

49152:GuAAilVVct3Xr8/SJgVYW12sDs5K5Skqb69F:G7AilvWA/SJsHQKckqbg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b364b754a945cc1f708ede136d5fe1b0_JC.exe

Files

NEAS.b364b754a945cc1f708ede136d5fe1b0_JC.exe
.dll windows:5 windows x86

951219246139bc9b0c0279d15aa04609

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptGenRandom
AddUsersToEncryptedFile
RegOpenKeyExA
IsTextUnicode

kernel32

DeleteCriticalSection
InterlockedPushEntrySList
VerLanguageNameW
GetSystemTimeAsFileTime
SetEvent
GetProcessHeap
EnterCriticalSection
WaitForSingleObject
GetExitCodeProcess
VirtualAlloc
LeaveCriticalSection
GetModuleFileNameW
GetBinaryTypeW
GetModuleFileNameA
OutputDebugStringA

gdi32

CreatePalette
StartDocW

lz32

LZRead
LZClose
LZOpenFileA
LZSeek

setupapi

SetupDiDestroyDeviceInfoList

msvcrt

isgraph
fgets

user32

GetUpdateRgn
PostQuitMessage
VkKeyScanExW
CascadeWindows
CreateMDIWindowA
UpdateWindow
LoadStringW
ShowWindow
GetMessageA
MoveWindow
LoadImageW

ws2_32

select

oleaut32

LoadTypeLibEx
DispInvoke
GetErrorInfo

Sections

.text
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

951219246139bc9b0c0279d15aa04609

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

lz32

setupapi

msvcrt

user32

ws2_32

oleaut32

Sections

.text Size: 412KB - Virtual size: 410KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.6MB - Virtual size: 1.6MB

.qdata Size: 40KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 412KB - Virtual size: 410KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.qdata
Size: 40KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 32KB - Virtual size: 28KB