NEAS[.]9d3436f8b58f89f880396979c0016870_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9d3436f8b58f89f880396979c0016870_JC.exe
Size

617KB
MD5

9d3436f8b58f89f880396979c0016870
SHA1

95b85e1fd28c09e7ebebe23b6ac3198f374d22bc
SHA256

716818364891113c064f9b5bcab02037cae26db919260d19313bdf8d54d18461
SHA512

799746cec1b92f163fabb594ab2d6d419a1bf184650e3b78d5703458d4ea64aca6a9f5c6a37d1ba60167580a9b2ecb6afc05a424c541db6529a4875268f7c081
SSDEEP

12288:g/cYjwx7s0zXoBA5ozd6IDqk0MzkC4sEEqtQGfbjcED/l6ZCJj:dYMx7s07h5ozdDntzTPEEVGfbjRD/l64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9d3436f8b58f89f880396979c0016870_JC.exe

Files

NEAS.9d3436f8b58f89f880396979c0016870_JC.exe
.dll regsvr32 windows:6 windows x64

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
FindClose
ReadFile
CloseHandle
GetProcessHeap
GetLargePageMinimum
GetThreadLocale
GetEnvironmentStringsW
GetCommandLineW
IsSystemResumeAutomatic
GetCurrentThreadId
GetThreadErrorMode
GetCurrentProcess
SetFileApisToOEM
GetUserDefaultUILanguage
GetLogicalDrives
GetCommandLineA
GetOEMCP
GetThreadUILanguage
GetLastError
UnregisterApplicationRestart
GetSystemDefaultLangID
GetUserDefaultLangID
FlushProcessWriteBuffers
GetCurrentProcessorNumber
TlsAlloc
GetCurrentThread
VirtualAlloc
GetACP
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
FreeEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapSize
GetFileType
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TerminateProcess
InterlockedFlushSList
GetTickCount64
SetStdHandle
ReadConsoleW
WriteConsoleW
CreateFileW
MultiByteToWideChar
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

user32

GetClipboardViewer
GetCursor
GetDesktopWindow
GetMenuCheckMarkDimensions
IsWow64Message
GetProcessWindowStation
CountClipboardFormats
GetKBCodePage
GetCapture
CreateMenu
GetShellWindow
CloseClipboard
AnyPopup
GetClipboardSequenceNumber
SetProcessDPIAware
GetDialogBaseUnits
InSendMessage
CharNextW
GetActiveWindow
GetMessageTime
GetMessageExtraInfo
EmptyClipboard
IsProcessDPIAware

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

InitNetworkAddressControl

ole32

OleUninitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoFreeUnusedLibraries

oleaut32

VarUI4FromStr

Exports

Exports

DllMain
DllRegisterServer
dsjwlznpbhl
dxdxyiurdljzgq
eblxkzmjfuto
edkpzxsyfcnjdj
eubxeoqt
fwxzpztg
ilyqfuypxlheixsd
iwotdgkezhnjvagm
ndtzjan
oloaxulridvxdxchg
uyrywsnux
wiwhrubumda
wyzkharixl

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 8KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 708B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 374KB - Virtual size: 373KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 8KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 708B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 374KB - Virtual size: 373KB

.reloc
Size: 3KB - Virtual size: 3KB