NEAS[.]378e5d13b51e5433277d7d8feeb10ea0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.378e5d13b51e5433277d7d8feeb10ea0_JC.exe
Size

59KB
MD5

378e5d13b51e5433277d7d8feeb10ea0
SHA1

bc764a649b45736c98f03d82c40b3a7aaed789d6
SHA256

24284a3fdbf5f739beae6d5a49c196d7c36b28f6356fcf2df4905126c2538c30
SHA512

f159bc23e0f55f6fdc12254d73bb4858761d54baf31a760d7c669dfd81b75b095569b092f65d045d599abc47b972bce1396afb5c5ca7080038a6edb54b4a8f80
SSDEEP

1536:NlsaNs+RkxCSJRkzLGFpReEXu+goiXg/a+VR:7sEwxztnTXu+goiXgLVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.378e5d13b51e5433277d7d8feeb10ea0_JC.exe

Files

NEAS.378e5d13b51e5433277d7d8feeb10ea0_JC.exe
.exe windows:5 windows x86

e3f66b3efd070d578461644b3207be32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
rand
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
wcsncpy
_purecall
_wsplitpath
malloc
vswprintf
_putws
wcschr
wcsrchr
time
srand
strncpy
sprintf
_wcsicmp
wcslen
wcscpy
wcscat
wcscmp
free
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
_adjust_fdiv
_c_exit
_itow

advapi32

ChangeServiceConfigW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
SetServiceStatus
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptAcquireContextW
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
CryptGenRandom
CryptReleaseContext
RegCreateKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
InitializeAcl
GetAce
AddAccessAllowedAce
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken

kernel32

SetEvent
GetVersionExW
GetQueuedCompletionStatus
CreateThread
DuplicateHandle
InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
SetErrorMode
InterlockedDecrement
GetACP
SetFilePointer
GetLocalTime
GetCommandLineW
GetModuleHandleA
GetStartupInfoW
ExpandEnvironmentStringsW
GetConsoleCP
FormatMessageW
LocalFree
GetCurrentProcessId
CreateNamedPipeW
VirtualFree
VirtualAlloc
HeapFree
PostQueuedCompletionStatus
HeapAlloc
GetProcessHeap
OpenProcess
TerminateThread
lstrlenW
lstrcpyW
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
GetCurrentProcess
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
GetModuleFileNameW
lstrcpynW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
CreateEventW
CreateMutexW
InterlockedExchange
ReleaseMutex
GetSystemTime
GetOEMCP
SetHandleInformation
CreateIoCompletionPort
CreateProcessW
Sleep
ReadFile
WriteFile

user32

LoadStringW
CreateDesktopW
SetProcessWindowStation
CreateWindowStationW
CloseDesktop
wsprintfW
CloseWindowStation
wsprintfA
LoadStringA
MessageBoxW
GetProcessWindowStation
CharNextW

ntlsapi

NtLicenseRequestA
NtLSFreeHandle

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysFreeString
SysStringByteLen
LoadRegTypeLi
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarI4FromStr
VarBstrFromDate
VarDateFromUdate
UnRegisterTypeLi
SysAllocStringLen
SysStringLen

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
accept
WSASetLastError
WSASetEvent
inet_ntoa
WSACloseEvent
WSACleanup
shutdown
WSAResetEvent
WSADuplicateSocketW
getpeername
WSAStartup
htons
socket
setsockopt
bind
listen
WSAGetLastError
inet_addr
closesocket

psapi

EnumProcesses

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f66b3efd070d578461644b3207be32

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntlsapi

ole32

oleaut32

ws2_32

psapi

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 17KB