NEAS[.]049889ccccb52cce1cb0828366662240_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.049889ccccb52cce1cb0828366662240_JC.exe
Size

364KB
MD5

049889ccccb52cce1cb0828366662240
SHA1

45f1aa4d42fde361d894f830b23a71c4394ec437
SHA256

01d7828f082b2478cf0bdd33fdebc8da71ac2661d1f34bc5e7e226eaa4f4bf12
SHA512

df57637b57060416683eeb14c843994e10a47f4f0a928703a96468940d9b869abc2179fbfd63fcd983575086d9659ab1506ef2eb15bdef8ddd818e26da17f8ef
SSDEEP

6144:s90Bn+D6LUwhZm20DU48doOr3O63lF4Li7ypDsoMF7JvBJ51ioUtmz6Zb:OI+Dnw6zd8aOy63l+LimpDtmZ1DUQz6Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.049889ccccb52cce1cb0828366662240_JC.exe

Files

NEAS.049889ccccb52cce1cb0828366662240_JC.exe
.dll windows:6 windows x86

afac00ff2c97a3ae176f4d8fcb49f55e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
__std_terminate
memcpy
memset
_CxxThrowException
memmove
memcmp
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_seh_filter_dll
_crt_atexit
_execute_onexit_table
_errno
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_cexit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

AXE8_ExpatGetVersion
AXE8_ExpatInit
AXE8_ExpatTerminate

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afac00ff2c97a3ae176f4d8fcb49f55e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 235KB - Virtual size: 236KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 235KB - Virtual size: 236KB