Static task
static1
Behavioral task
behavioral1
Sample
NEAS.506eb55de3d0636608dd764f044134d0_JC.exe
Resource
win7-20231023-en
General
-
Target
NEAS.506eb55de3d0636608dd764f044134d0_JC.exe
-
Size
596KB
-
MD5
506eb55de3d0636608dd764f044134d0
-
SHA1
4b1adc558c126774eba0771f8993998466d45b16
-
SHA256
2e16a85272fd7f429f32d935e4824a6b94c22d33fb748fdeea03d99f23f22c52
-
SHA512
d2788e6e4c760dd15e999eb354a4006a9fc2f9155246da4a3beaee387b21e1314da932cd7a5f1382f0cd03e71d58c91190efcda30ba99f967404ccba2c9616e4
-
SSDEEP
12288:u3FN92mrRUDkDTYNmN3Rus3SAFYq8Noz9qirzrEX1fsd7TOoOTd:u1N3RUDHNmdPCAaq8Nozgi/rE0TOj
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags PE files that lack an Authenticode signature; the publisher and integrity of this file cannot be confirmed from a signature.
resource NEAS.506eb55de3d0636608dd764f044134d0_JC.exe
Files
-
NEAS.506eb55de3d0636608dd764f044134d0_JC.exe.exe windows:5 windows x64
b3aaab9006a24d59f55e029d07c263b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
gdiplus
GdipCreateFromHDC
GdipFree
GdiplusStartup
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
kernel32
OutputDebugStringW
IsDebuggerPresent
LocalFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
GetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
lstrcpyW
user32
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
LoadCursorW
GetDesktopWindow
GetWindowRect
GetClientRect
EndPaint
BeginPaint
UpdateWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
ole32
OleRun
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
shell32
CommandLineToArgvW
oleaut32
VariantClear
SysFreeString
SysAllocString
GetErrorInfo
shlwapi
StrRChrW
msvcr120
_XcptFilter
__crtGetShowWindowMode
_CxxThrowException
??_V@YAXPEAX@Z
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
_wcsicmp
wcslen
wcscpy
wcschr
__set_app_type
__wgetmainargs
??3@YAXPEAX@Z
memset
free
__CxxFrameHandler3
??2@YAPEAX_K@Z
_amsg_exit
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
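.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: .reloc accounts for 568KB of the 596KB file and is flagged readable, writable and executable, while .text is only 12KB. A relocation section is normally read-only, discardable data, so this section's contents merit closer inspection.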