NEAS[.]8c52f1c3aa95825349be8deb030bcf10_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8c52f1c3aa95825349be8deb030bcf10_JC.exe
Size

132KB
MD5

8c52f1c3aa95825349be8deb030bcf10
SHA1

65c41dea347791b09f202b2e5ca461eb5bead7ff
SHA256

ac142d1b47d5108e95f160fc53c5dc2ff19fec20150bbb0afed4a0ca98e6ed87
SHA512

31eee7246d89f41918321dc44a7fe9de1325c8995ba2e0857d637c706fa47b223f9389f37436a2b660b5aa6de0b44fde7457e8facf221e4c808ba7b125c5eeeb
SSDEEP

3072:3fICyoKCnthFi3h1zaqi3uO/hQJ7P2HDA/vU:wCfh03hxNkuEhQJ7+U/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8c52f1c3aa95825349be8deb030bcf10_JC.exe

Files

NEAS.8c52f1c3aa95825349be8deb030bcf10_JC.exe
.exe windows:4 windows x86

f221692b85ea4401393921d85bba5a8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
DeleteFileA
CreateFileA
GetDriveTypeA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateThread
GetModuleFileNameW
VirtualProtect
LockResource
SizeofResource
LoadResource
FindResourceA
CreateProcessW
lstrcatW
lstrcpyW
GetProcessHeap
GetEnvironmentVariableA
GetModuleFileNameA
Sleep
ExitProcess
GetLastError
CreateMutexA
SetLastError
GetCommandLineA
lstrcatA
SetThreadContext
GetThreadContext
GetModuleHandleA
GetCommandLineW
GetTickCount
VirtualQuery
VirtualFreeEx
HeapFree
HeapAlloc
IsBadReadPtr
MoveFileExA
GetTempPathA
SetCurrentDirectoryA
ReadFile
GetFileSize
CreateDirectoryA
GetWindowsDirectoryA
CreateProcessA
TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetVersionExA
WideCharToMultiByte
FindFirstFileA
lstrcmpA
lstrcpyA
MoveFileA
SetFileAttributesA
GetFileAttributesA
CopyFileA
MultiByteToWideChar
FindNextFileA
LoadLibraryA
GetProcAddress
SetFileAttributesW
DeleteFileW
CreateFileW
lstrlenA
ResumeThread
CloseHandle

user32

DestroyWindow
UnregisterDeviceNotification
wsprintfA
DefWindowProcA
RegisterDeviceNotificationA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
CharLowerA
FindWindowExA
GetDesktopWindow
PostQuitMessage

advapi32

RegSetValueExA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
InitiateSystemShutdownExA
RegCloseKey

shell32

ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CLSIDFromString

shlwapi

StrRChrA
StrChrA
StrStrA

rpcrt4

UuidToStringA

urlmon

URLDownloadToFileA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f221692b85ea4401393921d85bba5a8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

rpcrt4

urlmon

Sections

.text Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 96KB - Virtual size: 94KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 96KB - Virtual size: 94KB

.reloc
Size: 4KB - Virtual size: 1KB