NEAS[.]627dc6c1a8d38ffc64bf884c2de90410_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.627dc6c1a8d38ffc64bf884c2de90410_JC.exe
Size

560KB
MD5

627dc6c1a8d38ffc64bf884c2de90410
SHA1

89307c8ecc40d56f28be2db551720d8e794f0f6d
SHA256

afdaa4b52f2cd3b235636c424495cb83207d785275ada175b4cb9e0144db7d74
SHA512

27981d1cf40e88f48ba13a40aa9d627a2023864160139146f43cdb050893064043df69530151d2efb0485f731d984f7735519b0d80a8d9de26cf26c223dcbb6d
SSDEEP

12288:oCSm+I8RksKuQ5MVHlAbFz88C2eRSW15XxC24mWWIO:II8guQ5MVHlAbFzXFeUWHXg21

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.627dc6c1a8d38ffc64bf884c2de90410_JC.exe

Files

NEAS.627dc6c1a8d38ffc64bf884c2de90410_JC.exe
.dll regsvr32 windows:10 windows x86

7a17e8d91727e80dbb1935919a8fd1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_vsnwprintf
wcsncpy
_alloca_probe
_wtoi
memcpy
memcmp
_ftol2_sse
_ftol2
_chkstk
_wsplitpath_s
wcsncmp
wcstoul
wcspbrk
_alldiv
_allmul
memset
_allrem
RtlUnwind

msvcrt

malloc
free
rand
atof
srand
_callnewh
_purecall
realloc

kernel32

DecodePointer
LoadLibraryExA
InterlockedPushEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
lstrcmpW
ResetEvent
SetEvent
WaitForMultipleObjectsEx
CreateSemaphoreExW
ReleaseSemaphore
CreateThread
GetTickCount
SetLastError
SetThreadPriority
CompareStringW
lstrlenW
Sleep
SetFilePointer
ReadFile
GlobalFree
GetFullPathNameW
WriteFile
GetSystemDirectoryW
GetFileTime
DeleteFileW
GetCurrentDirectoryW
GetFileType
IsProcessorFeaturePresent
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetProcAddress
EncodePointer
lstrcpyW
CloseHandle
ReleaseMutex
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
GetModuleFileNameA
GetSystemInfo
CreateEventW
LockResource
DisableThreadLibraryCalls
EnterCriticalSection
DelayLoadFailureHook
GetLastError
RaiseException
GlobalUnlock
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
IsBadWritePtr
MulDiv
lstrcpynW
LeaveCriticalSection
HeapDestroy
GetVersionExW
IsBadCodePtr
SizeofResource
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSection
IsBadReadPtr
GetCurrentThread
GetModuleHandleW
WaitForSingleObject
GlobalLock
GetCurrentProcess
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
CreateMutexW
GetFileSize
CreateSemaphoreW
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualAlloc
FlushInstructionCache
GetThreadPriority
ResolveDelayLoadedAPI

gdi32

CreateDIBSection
CreateCompatibleDC
StretchBlt
SetStretchBltMode
GetTextMetricsW
DeleteDC
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointW

user32

GetDC
IsDialogMessageW
InvalidateRect
GetWindowLongW
GetWindowTextW
PeekMessageW
ReleaseDC
SetWindowLongW
EndDialog
SetWindowPos
LoadStringW
ShowWindow
CreateDialogParamW
IsWindow
WinHelpW
GetDialogBaseUnits
DefWindowProcW
MsgWaitForMultipleObjects
CharNextW
GetWindowRect
DestroyWindow
CharPrevW
IsRectEmpty
IsDlgButtonChecked
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
MessageBoxW
MoveWindow
GetDesktopWindow
GetDlgItemTextA
SetDlgItemTextW
PostThreadMessageW
RegisterWindowMessageW
GetDlgItem
GetQueueStatus
GetWindowTextLengthW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueW
RegEnumValueW

ole32

StgOpenStorage
CoCreateFreeThreadedMarshaler
StgCreateDocfile
OleLoadFromStream
CoInitialize
CLSIDFromString
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemRealloc
CreateBindCtx
CoCreateInstance

oleaut32

SysAllocString
VariantClear
LoadTypeLi
VariantCopy
VariantInit
SysAllocStringLen
VarI4FromStr
LoadRegTypeLi
SetErrorInfo
RegisterTypeLi
SysFreeString
VariantChangeTypeEx

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

winmm

timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetTime
timeKillEvent

comdlg32

GetOpenFileNameW

gdiplus

GdipCreateBitmapFromStreamICM
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipGetImageHeight
GdipCreateBitmapFromFileICM
GdipFree
GdiplusStartup
GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a17e8d91727e80dbb1935919a8fd1fc

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

kernel32

gdi32

user32

advapi32

ole32

oleaut32

msvfw32

winmm

comdlg32

gdiplus

Exports

Exports

Sections

.text Size: 457KB - Virtual size: 456KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 457KB - Virtual size: 456KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 26KB - Virtual size: 25KB