NEAS[.]03a4fac33edae3b03a969f1feea1d350_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.03a4fac33edae3b03a969f1feea1d350_JC.exe
Size

796KB
MD5

03a4fac33edae3b03a969f1feea1d350
SHA1

8e96969ccc8344d7573adb033c43600715818e56
SHA256

a7b8f6e0196aad52e28b422267b632dad69a6daa9786a00d35081c90fde403de
SHA512

b59d6cf83b7ba0adf146f4205bb1d739381ea28c5012111079500f1eaa7c4f52b74fa713a52024740d9be9e1dfdcedb871352c9d0700a63d29b6101a01cbc8cf
SSDEEP

12288:Igl4nKihTyBRUSpTgooLksgy43IYOaKj5/ug3W/8SpakBnOg23egilW6gn2:Ie45CopgyxYOf/uggqkJOnoE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.03a4fac33edae3b03a969f1feea1d350_JC.exe

Files

NEAS.03a4fac33edae3b03a969f1feea1d350_JC.exe
.exe windows:4 windows x86

4a4004e16af1802fa65b3b52fb8b5e0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite

kernel32

TlsSetValue
LocalReAlloc
TlsFree
ResumeThread
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
GlobalFlags
SetErrorMode
GetFileTime
GetStartupInfoW
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
RtlUnwind
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
TlsAlloc
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
TlsGetValue
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
GlobalFree
FormatMessageW
MulDiv
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
FlushFileBuffers
GetThreadLocale
GetStringTypeExW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalAlloc
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
RaiseException
GetPrivateProfileIntW
GetCurrentProcess
TerminateProcess
GetCommandLineW
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
SetNamedPipeHandleState
WaitNamedPipeW
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetVersionExW
WideCharToMultiByte
GetLocaleInfoW
FlushViewOfFile
UnmapViewOfFile
OutputDebugStringW
MapViewOfFile
GetSystemInfo
CreateFileMappingW
LocalFree
LocalAlloc
OpenFileMappingW
CompareStringW
FindResourceW
lstrlenA
FlushInstructionCache
GetThreadContext
SetThreadContext
InterlockedCompareExchange
LoadResource
LockResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
CreateFileA
MultiByteToWideChar
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenW
GetCurrentThread
WriteFile
LockFile
ReadFile
MoveFileW
FindClose
FindFirstFileW
GetFileSize
SetEndOfFile
SetFilePointer
CreateFileW
GetFileAttributesW
CreateDirectoryW
UnlockFile
GetModuleFileNameW
TerminateThread
Sleep
GetLastError
GetExitCodeThread
SetLastError
CloseHandle
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
SuspendThread
WaitForSingleObject
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
FreeEnvironmentStringsW

user32

EndDialog
CreateDialogIndirectParamW
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
GetCursorPos
ValidateRect
LoadStringW
DestroyMenu
GetWindowThreadProcessId
GetActiveWindow
SetCursor
PostQuitMessage
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
CharUpperW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
UnregisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
PostThreadMessageW
UnhookWindowsHookEx
ReleaseCapture
LoadCursorW
GetSysColorBrush
UnregisterClassW
LoadIconW
EndPaint
SetFocus
SetWindowPos
GetDesktopWindow
SetCapture
InvalidateRgn
ReleaseDC
GetDC
GetWindowRect
EqualRect
IntersectRect
OffsetRect
SetRect
IsRectEmpty
CopyRect
IsWindowEnabled
GetWindowLongW
CopyAcceleratorTableW
GetParent
ShowWindow
MessageBoxW
CharNextW
GetMessageW
LoadImageW
InvalidateRect
TranslateMessage
GetFocus
GetWindow
GetClassNameW
GetClientRect
IsWindowVisible
PostMessageW
FindWindowW
EnableWindow
SendMessageW
IsWindow
DispatchMessageW
PeekMessageW
GetLastActivePopup

gdi32

ExtSelectClipRgn
DeleteDC
GetViewportExtEx
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetRgnBox
CreateRectRgnIndirect
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegDeleteKeyW
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
IsTokenRestricted
RegCloseKey
RegQueryValueExW
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
OleIsCurrentClipboard
CoGetClassObject
CoTaskMemAlloc
CoUninitialize
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantCopy
OleCreateFontIndirect
VariantChangeType
VariantClear
SysStringLen
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantTimeToSystemTime

ws2_32

WSAEventSelect
WSASetEvent
WSACreateEvent
WSASocketW
WSAConnect
getaddrinfo
WSACloseEvent
WSAEnumNetworkEvents
WSAStartup
WSACleanup
WSASend
freeaddrinfo
WSASetLastError
WSAResetEvent
WSARecv
WSAGetLastError
WSAGetOverlappedResult
closesocket

dsound

ord11

wininet

GetUrlCacheEntryInfoExA
InternetCrackUrlW
InternetCanonicalizeUrlW
GetUrlCacheEntryInfoExW

Sections

.text
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a4004e16af1802fa65b3b52fb8b5e0f

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

dsound

wininet

Sections

.text Size: 520KB - Virtual size: 517KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 96KB - Virtual size: 94KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 520KB - Virtual size: 517KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 96KB - Virtual size: 94KB

.UPX
Size: 60KB - Virtual size: 60KB