NEAS[.]0c2a31d9302f24271f04bad65cc20ed0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0c2a31d9302f24271f04bad65cc20ed0_JC.exe
Size

194KB
MD5

0c2a31d9302f24271f04bad65cc20ed0
SHA1

81d06f6d90d5e10909fcfceaec5fbb596772d17c
SHA256

e6165d260f486667788453b55e966e2ae1b9ecdba2cc76cc1b0f98a3736dd103
SHA512

edc9bcfb88fa22b67e65f2fe251a8a9c6fa39e78b7395706c3c1cf51b9234c1530913061e867c5755d81bb10d8938829e1a8eba785440af3023a3605326eabf3
SSDEEP

3072:jdASf6qR2DHB2NjxgksomheovJrV2mbiKGkgRSsJwk6rpG8ZYJvkNYbv6rpG8ZYJ:jdASf6qRA2yk9mheovJrVwweN4H68C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0c2a31d9302f24271f04bad65cc20ed0_JC.exe

Files

NEAS.0c2a31d9302f24271f04bad65cc20ed0_JC.exe
.exe windows:5 windows x86

a584dc5698dbd077254f0ac510bdd689

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

kernel32

CreateFileW
GetTickCount
GetProcAddress
LoadLibraryW
OutputDebugStringW
GetSystemTime
CreateThread
CreateProcessW
Sleep
GetModuleHandleW
WaitForSingleObject
SetEvent
GetWindowsDirectoryW
CreateEventW
ResetEvent
GetVersionExW
GetExitCodeProcess
GetModuleFileNameW
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
FreeLibrary
SetLastError
GetSystemDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
HeapReAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetOverlappedResult
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
HeapAlloc
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapFree
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
RtlUnwind
RaiseException
LoadLibraryA
InterlockedExchange
LocalAlloc
FlushFileBuffers
SetStdHandle
DeviceIoControl
GetLastError
CancelIo
CloseHandle
SetFilePointer
GetConsoleCP
WriteConsoleW
SetEndOfFile
GetConsoleMode
MultiByteToWideChar
LCMapStringW
GetProcessHeap
WriteFile
ReadFile

user32

FindWindowW
GetDesktopWindow
GetDC
TranslateMessage
TranslateAcceleratorW
DrawIcon
ReleaseDC
GetMenu
GetSubMenu
TrackPopupMenu
LoadImageW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowThreadProcessId
MapVirtualKeyW
GetScrollInfo
GetWindowInfo
DialogBoxParamW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
EndDialog
GetSystemMetrics
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetMessageW
PostQuitMessage
wsprintfW
GetAncestor
PostMessageW
GetWindowRect
ChildWindowFromPoint
SetForegroundWindow
GetClassNameW
RegisterClassExW
CreateWindowExW
SetWindowRgn
SetWindowPos
ShowWindow
RegisterWindowMessageW
SendMessageTimeoutW
DestroyWindow
BeginPaint
LoadCursorW
DrawIconEx
EndPaint
DefWindowProcW
FindWindowExW
GetParent
SendMessageW
SetCursorPos
ShowCursor
SetTimer
GetLastInputInfo
GetCursorPos
WindowFromPoint
KillTimer
UpdateWindow
mouse_event
LoadIconW
LoadAcceleratorsW
SystemParametersInfoW
InvalidateRect

gdi32

CreateSolidBrush
CreateBrushIndirect
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
Ellipse
CreatePen
CreateEllipticRgn

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a584dc5698dbd077254f0ac510bdd689

Headers

DLL Characteristics

File Characteristics

Imports

winmm

psapi

version

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 16KB - Virtual size: 16KB