NEAS[.]541bcaf321232a1a89d65999f7d56ff0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.541bcaf321232a1a89d65999f7d56ff0_JC.exe
Size

2.0MB
MD5

541bcaf321232a1a89d65999f7d56ff0
SHA1

7ac4d5867330c717e272817295303a70722c824e
SHA256

280d7aa03ddc715ea364aa2a99381ef2585f82c94e35c09ba4db43596c7a117b
SHA512

1c18a6d24822fa1050b221ad3d7e8a2a738e4f60ffbf07ea3cbafda0b890e69a3b5ba6158875d94b34b6a2caa236d00256e124ebf1f5fe14ea866a1a87a7dd01
SSDEEP

49152:3LbpYhxGU62UmaLhr5LEUs6xMRtw+M4ie2EqisZ59T+:3LyhQBLhr5LEh62RtNMtELs7h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.541bcaf321232a1a89d65999f7d56ff0_JC.exe

Files

NEAS.541bcaf321232a1a89d65999f7d56ff0_JC.exe
.dll windows:5 windows x86

c424085f648cca8e8daa85e006ffc02b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lz32

LZOpenFileA
LZCopy
LZOpenFileW
GetExpandedNameW

ws2_32

select

gdi32

CreateBitmap
CreatePalette

user32

GetMessageA
LoadImageW
MoveWindow
ToAscii
PostQuitMessage
ShowWindow
LoadStringW
UpdateWindow
CreateMDIWindowA
CascadeWindows
GetUpdateRgn

oleaut32

LoadTypeLibEx
GetErrorInfo
DispInvoke

setupapi

SetupDiDestroyDeviceInfoList

advapi32

IsTextUnicode
AddUsersToEncryptedFile
CryptSetProvParam
RegOpenKeyExA

msvcrt

fgets
isgraph

kernel32

OutputDebugStringA
GetModuleFileNameA
GetBinaryTypeW
GetModuleFileNameW
SetEvent
LeaveCriticalSection
EnterCriticalSection
InterlockedPushEntrySList
GetProcessHeap
VerLanguageNameW
GetExitCodeProcess
WaitForSingleObject
VirtualAlloc
GetSystemTimeAsFileTime
DeleteCriticalSection

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c424085f648cca8e8daa85e006ffc02b

Headers

File Characteristics

Imports

lz32

ws2_32

gdi32

user32

oleaut32

setupapi

advapi32

msvcrt

kernel32

Sections

.text Size: 412KB - Virtual size: 408KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.6MB - Virtual size: 1.6MB

.qdata Size: 40KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 412KB - Virtual size: 408KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.qdata
Size: 40KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 32KB - Virtual size: 28KB