NEAS[.]ebecdb107d947035f7d19d6431107410_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ebecdb107d947035f7d19d6431107410_JC.exe
Size

2.1MB
MD5

ebecdb107d947035f7d19d6431107410
SHA1

8d708192a3d11c024f719d6d6c20ace1d01c392a
SHA256

a380b41eeb0e0f696bea7ae1477ea20d47f3f8bf49134a1c45c589edc94a91df
SHA512

06511e0b09bcbbd909700773305c25aad0a6756ea4d546bde796cec31c9ac8e31bfd877d790043b946bbd45d8382ab3ba2ee1549b10164d8e8082c69faf60a76
SSDEEP

24576:gxlLX/F0TuJhN7venA1+Pt/4/wikBmy7k7PxrIDhov0:gxlLX/F0TuJhN7vb+6Sd7utIDhF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ebecdb107d947035f7d19d6431107410_JC.exe

Files

NEAS.ebecdb107d947035f7d19d6431107410_JC.exe
.dll windows:4 windows x86

66fa03f59161b6f54d667ed5de5596cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
CreateThread
SetThreadPriority
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
LoadLibraryA
FreeLibrary
VirtualProtect
CreateProcessA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
SetEndOfFile
UnhandledExceptionFilter
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetTickCount
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetUnhandledExceptionFilter
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
LCMapStringW
LCMapStringA
GetProcAddress
GetOEMCP
FindFirstFileA
FindNextFileA
FindClose
WaitForSingleObject
GetSystemDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
GetFileAttributesA
GetVersion
CreateDirectoryA
SetStdHandle
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
lstrlenA
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetLastError
ExpandEnvironmentStringsA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
HeapFree
GetCommandLineA
RaiseException
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapReAlloc

user32

GetKeyState
SendInput
FindWindowA
SetWindowTextA
SetDlgItemTextA
SendMessageA
ToAsciiEx
GetSysColor
DrawTextW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
GetWindowThreadProcessId
TranslateMessage
DispatchMessageA
OffsetRect
GetKeyboardState
VkKeyScanA
MapVirtualKeyA
ToUnicodeEx
GetKeyNameTextA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SetRect
SetTimer
KillTimer
GetAsyncKeyState
ActivateKeyboardLayout
GetKeyboardLayoutList
MessageBoxA
GetSystemMetrics
wsprintfA
LoadStringA
CharLowerBuffA
CharUpperBuffA
LoadImageA
GetKeyboardLayout

gdi32

ExtTextOutA
CreateCompatibleDC
SelectObject
SetStretchBltMode
StretchBlt
BitBlt
SetBkColor
SetTextColor
DeleteDC
GetTextMetricsA
DeleteObject
CreateFontIndirectA
SetBkMode

shell32

ShellExecuteA

msimg32

TransparentBlt

advapi32

GetUserNameA

Exports

Exports

Init
InitServ
Release
ReleaseServ

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 544KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66fa03f59161b6f54d667ed5de5596cb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msimg32

advapi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 544KB - Virtual size: 2.3MB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 44KB - Virtual size: 41KB

.reloc Size: 76KB - Virtual size: 73KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 544KB - Virtual size: 2.3MB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 44KB - Virtual size: 41KB

.reloc
Size: 76KB - Virtual size: 73KB