NEAS[.]0b2ea97c956f4416ef1b441cd1fd5040_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.0b2ea97c956f4416ef1b441cd1fd5040_JC.exe
Size

63KB
MD5

0b2ea97c956f4416ef1b441cd1fd5040
SHA1

8fede3e7ee4de4d8e89113be053e29bdd17382d8
SHA256

e9895b7b63b94537cbed37d7284796a328ab4340ee2a9387d5d1627f91f91173
SHA512

3122f653b0e8947e211d91309ce99729fdf772e53620879a47fe94ac37d1193e9384a1bc8d4c0fcdaa1dbaab1ca53af35f8f3ec12e3c527e2d55108843f500d7
SSDEEP

1536:V+2iEiRbwAOakGji2XauRTgbCpDrD6DHxyNaQRWo:V+2ibb1kGlXxTbpDrD6DRcaQco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0b2ea97c956f4416ef1b441cd1fd5040_JC.exe

Files

NEAS.0b2ea97c956f4416ef1b441cd1fd5040_JC.exe
.dll windows:10 windows x64

fcb94febd7890296e27b27870f8b1a37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
__C_specific_handler
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_lock
_unlock
memset
printf
__dllonexit
_onexit
_purecall
calloc
??1type_info@@UEAA@XZ
realloc
_callnewh
memcpy_s
malloc
free
wcsncpy_s
_errno
_CxxThrowException
memcpy

api-ms-win-core-synch-l1-2-0

Sleep
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection

oleaut32

VarUI4FromStr

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadResource
FreeLibrary
SizeofResource

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

mfplat

MFCreateMediaType
MFCreateMemoryBuffer

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcb94febd7890296e27b27870f8b1a37

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

mfplat

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 488B

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B