NEAS[.]04964ea73d4ac0c50b7d73440287b0b0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.04964ea73d4ac0c50b7d73440287b0b0_JC.exe
Size

4.9MB
MD5

04964ea73d4ac0c50b7d73440287b0b0
SHA1

50e4aea4921a76fc19c20b7411c23aa5d9bb897c
SHA256

e2f5bcbc7446dc8d7db5fa50a48e6885e77e33a28ad2e77b7a9352c9d294de1e
SHA512

85764176e0559845d9c83115a3fe8df770af42aa409268d07d406dfeafc37667c121b71b01a87075df6e191af483c81eb23791e6b4834fe91a03868fef272c23
SSDEEP

49152:oJEutb2tJfIOMCTYUppW9pty9AReO9ccgem3jLRmRJ0LAkMUXaYI6F38Nf9e/i7q:uUwc7URFq3RmRKiVaeQPtaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.04964ea73d4ac0c50b7d73440287b0b0_JC.exe

Files

NEAS.04964ea73d4ac0c50b7d73440287b0b0_JC.exe
.dll windows:6 windows x64

ba2e83a96db37f69a15df2b853f4a8bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegQueryValueExW
EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EnumerateTraceGuidsEx
EventWriteTransfer
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWrite
EventEnabled

bcrypt

BCryptGenRandom

kernel32

LocalFree
SetLastError
FormatMessageW
GetLastError
CloseThreadpoolIo
GetTickCount64
GetCurrentProcessId
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
CompareStringEx
FindNLSStringEx
GetUserPreferredUILanguages
FindStringOrdinal
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetProcAddress
WideCharToMultiByte
GetCPInfo
LocalAlloc
GetConsoleOutputCP
RaiseFailFastException
WaitForThreadpoolWaitCallbacks
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
LocaleNameToLCID
LCMapStringEx
CompareStringOrdinal
GetLocaleInfoEx
EnumTimeFormatsEx
GetCalendarInfoEx
EnumCalendarInfoExEx
ResolveLocaleName
CancelIoEx
SleepConditionVariableCS
CreateFileW
DeleteFileW
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLongPathNameW
GetOverlappedResult
GetSystemDirectoryW
GetSystemInfo
LoadLibraryExW
QueryUnbiasedInterruptTime
ReadFile
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
VerSetConditionMask
GetCPInfoExW
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetExitCodeProcess
CreateProcessW
OpenProcess
K32EnumProcesses
GetProcessId
GetConsoleCP
CreatePipe
GetCurrentThreadId
FlushProcessWriteBuffers
WaitForSingleObjectEx
VirtualQuery
RtlVirtualUnwind
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
K32GetProcessMemoryInfo
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetProcessHeap
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

ole32

CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoGetApartmentType
CoCreateGuid
CoTaskMemAlloc

user32

LoadStringW

Exports

Exports

DotNetRuntimeDebugHeader
ProcessStart
ProcessStartWithLogs
sumstring
write_line

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba2e83a96db37f69a15df2b853f4a8bd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 480KB - Virtual size: 480KB

.managed Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 161KB - Virtual size: 230KB

.pdata Size: 187KB - Virtual size: 187KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 86KB - Virtual size: 85KB

.text
Size: 480KB - Virtual size: 480KB

.managed
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 161KB - Virtual size: 230KB

.pdata
Size: 187KB - Virtual size: 187KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 86KB - Virtual size: 85KB