NEAS[.]4ef8bfc98f975db2afd523a774bed600_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4ef8bfc98f975db2afd523a774bed600_JC.exe
Size

339KB
MD5

4ef8bfc98f975db2afd523a774bed600
SHA1

7c6c09ba7a09e58075e7cfd312105763bf054b61
SHA256

8758c5afed76050759389d5c3224496020f667cf3e1eff0f95b33822bc323803
SHA512

c3716e4412320417fd305068c207237824515dd1521c0b8242d2f294d31760c38dd3663d3d83417cd3ad6da2af08e3725ebdef3c8bd3c43d46dd85f08606a1c5
SSDEEP

6144:OqN+hntCpegrKBAYV/1J9ChZcBkfEiXm1BV+UdvrEFp7hKsOi:OkegrK2YV/4hyOIBjvrEH7FOi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4ef8bfc98f975db2afd523a774bed600_JC.exe

Files

NEAS.4ef8bfc98f975db2afd523a774bed600_JC.exe
.exe windows:5 windows x86

ad1d1f575d337c48ca49ed5417b965bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

comdlg32

GetOpenFileNameW
GetSaveFileNameW

wimgapi

WIMCreateFile
WIMRegisterMessageCallback
WIMGetAttributes
WIMSetTemporaryPath
WIMLoadImage
WIMApplyImage
WIMCaptureImage
WIMSplitFile
WIMUnregisterMessageCallback
WIMUnmountImageHandle
WIMCommitImageHandle
WIMGetMountedImageHandle
WIMGetMountedImages
WIMMountImageHandle
WIMSetImageInformation
WIMGetImageInformation
WIMExportImage
WIMDeleteImage
WIMCloseHandle
WIMSetBootImage
WIMGetImageCount

winmm

timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetFileAttributesW
GetTempPathW
LocalAlloc
LocalFree
CopyFileW
DeleteFileW
lstrlenW
FindResourceW
LoadResource
LockResource
SetLastError
HeapReAlloc
FindFirstFileW
GetTempFileNameW
GetConsoleCP
FindFirstFileExW
GetStringTypeW
GetFileType
LCMapStringW
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
CloseHandle
LoadLibraryExW
SetStdHandle
CreateFileW
FindClose
SetFilePointerEx
SetEndOfFile
ReadFile
ReadConsoleW
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetCurrentProcess
HeapSize
FormatMessageW
DecodePointer
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection

user32

EnableWindow
GetDlgItem
SetWindowTextW
CharUpperBuffW
LoadStringW
GetCursorPos
LoadCursorW
SetCursor
GetWindowTextW
GetParent
GetSystemMetrics
SetWindowPos
CopyRect
OffsetRect
MapDialogRect
SetRectEmpty
LoadIconW
GetDialogBaseUnits
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
FillRect
DialogBoxParamW
SendMessageW
MessageBoxW

gdi32

SetBkMode
TextOutW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegLoadKeyW
RegEnumKeyExW
RegOpenKeyExW
RegUnLoadKeyW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderLocation

ole32

CoTaskMemFree
CoInitialize
StringFromGUID2
CoUninitialize

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad1d1f575d337c48ca49ed5417b965bb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

wimgapi

winmm

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 32KB