NEAS[.]ed418740cf1f5ea53b9ceefd94ba9520_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ed418740cf1f5ea53b9ceefd94ba9520_JC.exe
Size

501KB
MD5

ed418740cf1f5ea53b9ceefd94ba9520
SHA1

db1b430b3add834bb865dc9b286fcbece466310d
SHA256

bec914486d1edf8b8ed90c14db8a93e167de9c1452c4588e09b146937cd5c118
SHA512

aaf066bb964dcbd94d9459636526e7fd0d96fb2e8c9fe3c2a4432f841a482b2a3aef4ab50db163b00eefa2480408fd5aafc79aad9460f285b6d698ccdb07581f
SSDEEP

6144:nVbv37YKI+3hy3OU/f/R2NUP70TA4VcDR2lVkxl3TdmdVGUrG:nVT8KI+3h9uOUHRzhhmdEUrG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ed418740cf1f5ea53b9ceefd94ba9520_JC.exe

Files

NEAS.ed418740cf1f5ea53b9ceefd94ba9520_JC.exe
.dll windows:6 windows x86

352797717b7653cc273ff44446a50b74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GetSystemDefaultUILanguage
LoadLibraryExW
CreateDirectoryW
GetUserDefaultLangID
DeleteCriticalSection
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
HeapReAlloc
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
WriteFile
GetOEMCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryDosDeviceW
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
TlsFree
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
IsValidCodePage
VerifyVersionInfoW
GetStartupInfoW
CreateFileW
GetModuleFileNameW
GetExitCodeProcess
HeapDestroy
GetSystemTimeAdjustment
GetModuleHandleA
TlsSetValue
GlobalLock
QueryPerformanceCounter
GetEnvironmentVariableW
SwitchToThread
LockResource
SetEndOfFile
FindNextFileA
ReadProcessMemory
GetTickCount
GetTempFileNameW
DeviceIoControl
GetFileType
LoadLibraryA
GetDiskFreeSpaceW
GlobalFree
VirtualAlloc
GetCPInfoExW
GetPrivateProfileIntW
RaiseException
GlobalUnlock
GetACP
LeaveCriticalSection
GetSystemDirectoryW
SignalObjectAndWait
WaitForSingleObject
GetCommState
SystemTimeToTzSpecificLocalTime
LoadResource
GetCPInfo
FindFirstFileW
EnumResourceNamesW
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError

user32

GetMonitorInfoW
GetMenuStringW
MapWindowPoints
ToUnicode
LoadIconA
GetKeyboardLayout
ReleaseDC
SystemParametersInfoA
SendMessageW
IsRectEmpty
GetMessageA
GetDlgItemInt
GetKeyState
GetClientRect
GetDC
SetWindowLongA
UnregisterClassA
DefWindowProcA
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
GetCaretBlinkTime
BeginDeferWindowPos
RegisterClassA
GetWindowTextLengthA
GetSystemMenu
DeleteMenu
GetWindowPlacement
GetWindowLongA
CheckRadioButton
IsZoomed
GetCapture
UnionRect
CopyRect
SetCursor
SetFocus
GetDoubleClickTime
ShowCursor
SetClassLongA
AppendMenuA
PostMessageA
RegisterClassW
GetSystemMetrics
SetWindowTextA
DestroyMenu
LoadStringA
MessageBoxA

gdi32

RealizePalette
GetNearestPaletteIndex
CreateHalftonePalette
CreateCompatibleBitmap
SetPolyFillMode
Polyline
ExtTextOutA
EndPage
SetLayout
MaskBlt
GetCharacterPlacementW
SetMapMode
CreateRectRgn
RectVisible
CreateSolidBrush
Ellipse
TextOutA
CreateCompatibleDC
ExtCreateRegion
SetViewportExtEx
CreateHatchBrush
CreateFontIndirectW
ExcludeClipRect
GdiFlush
PlayEnhMetaFile
GetCharABCWidthsW
GetClipBox
SetTextAlign
GetWindowOrgEx

advapi32

SetSecurityDescriptorDacl
EqualSid
RegConnectRegistryW
GetUserNameA
SetSecurityDescriptorOwner
OpenServiceW
OpenProcessToken
LookupPrivilegeValueW

shell32

SHGetFileInfoW
Shell_NotifyIconW

ole32

CoInitialize

oleaut32

SysReAllocStringLen
VariantChangeType
SysAllocStringLen

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

352797717b7653cc273ff44446a50b74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 18KB - Virtual size: 32KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 18KB - Virtual size: 32KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 15KB - Virtual size: 14KB