NEAS[.]8bed7d183a911a4f11688768c7fd1600_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8bed7d183a911a4f11688768c7fd1600_JC.exe
Size

28KB
MD5

8bed7d183a911a4f11688768c7fd1600
SHA1

88b8ba350119c2479a5a56edee982cc92c28d543
SHA256

8036f4e72d096e6a10999702c9581fd79fdd9d73f6978466b5e883f85f758893
SHA512

0ddbc1df0e80b5fb25ca7cf7c2935b17b36ea2436d828b8aecffabff0bfb6faa4275cb6fb6b0085f4e94b48fe153c026ff1efe09b92baeeaaf3446a1a8588f91
SSDEEP

768:nwaeXNE3u/fSLvPCh6t+ZkDObjORqTYr2i:4Eu/fqvPcbMEYai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8bed7d183a911a4f11688768c7fd1600_JC.exe

Files

NEAS.8bed7d183a911a4f11688768c7fd1600_JC.exe
.exe windows:10 windows x64

1393340aab23f97bcf1e08682e940e45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
fwprintf
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
calloc
towupper
_fmode
wcscpy_s
__C_specific_handler
exit
_commode
_exit
_wsetlocale
?terminate@@YAXXZ
wcsncat_s
_snwprintf_s
_vsnwprintf
_wcsnicmp
_initterm
__setusermatherr
_cexit
__iob_func
free
wcschr
fprintf
_wcsicmp
towlower
memcpy
memset

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
LoadStringW

wldap32

ord135
ord140
ord191
ord147
ord16
ord27
ord26
ord88
ord46
ord206
ord133
ord73
ord224
ord208
ord12
ord118
ord145
ord97
ord13
ord127
ord170
ord167
ord41

logoncli

DsGetDcNameWithAccountW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
ExitProcess

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-downlevel-shlwapi-l1-1-1

StrCmpW
StrChrW

ntdll

RtlInitUnicodeString

ntdsapi

DsUnBindW
DsBindW
DsWriteAccountSpnW
DsCrackNamesW
DsFreeNameResultW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1393340aab23f97bcf1e08682e940e45

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

wldap32

logoncli

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

netutils

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-1

ntdll

ntdsapi

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 516B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 516B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B