NEAS[.]354ae2f4e80e5f368898522762627330_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.354ae2f4e80e5f368898522762627330_JC.exe
Size

240KB
MD5

354ae2f4e80e5f368898522762627330
SHA1

ee1b6d859b7c6aaeea7950cae27ae8597b125ade
SHA256

201d98f4f6a0d73e254918dd3e189684005cbee1320690e752f75432fab5fe6c
SHA512

cf305b580b183e2f2a422d8db11969da9bd3f0bd8f27629a406ad48413fea0a54333ec1c21d549339c3f4a49d1caa8b5cc34e6b26e621b2f28f1401afafc9095
SSDEEP

6144:iHFIVerwxeGAVDD+nCssKRNSxZcThZDSEg3NpDN9Oq:iHWVerS0DDGCsseAxZcThZIDN9Oq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.354ae2f4e80e5f368898522762627330_JC.exe

Files

NEAS.354ae2f4e80e5f368898522762627330_JC.exe
.exe windows:4 windows x86

f06b45c20e943155627c747090d799a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FindClose
FindNextFileW
FindFirstFileW
GetLocalTime
FormatMessageA
GetLastError
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GetTempFileNameW
GetTempPathW
GetVersion
WideCharToMultiByte
CloseHandle
GetFileType
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
CreateDirectoryA
FormatMessageW
CopyFileW
GetFileAttributesA
GetFileAttributesW
GetSystemTime
GetFileTime
GetSystemTimeAsFileTime
DeleteFileW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
ExitProcess
GetModuleHandleW
GetTimeFormatW
CreateFileW
GetDateFormatW
GetCurrentProcessId

msvcr71

wprintf
_wsetlocale
__CxxFrameHandler
??3@YAXPAX@Z
wcscpy
wcstoul
wcsncpy
fwprintf
difftime
_wcsicmp
memset
_wcsrev
wcschr
fflush
mktime
memcpy
puts
printf
_strrev
fputws
_putws
??_U@YAPAXI@Z
fclose
remove
_wremove
fopen
_wfopen
strcat
iswdigit
_wrename
memcmp
??2@YAPAXI@Z
_purecall
_snwprintf
free
realloc
qsort
rand
srand
memmove
_except_handler3
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___winitenv
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
swprintf
time
localtime
wcscat
wcsncat
wcslen
??_V@YAXPAX@Z
_wtol
wcscmp
_vsnwprintf

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

user32

LoadStringA
LoadStringW
wsprintfW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysFreeString

sqlresld

SQLUILoadResourceDLL
SQLUIUnloadResourceDLL

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f06b45c20e943155627c747090d799a3

Headers

File Characteristics

Imports

kernel32

msvcr71

advapi32

user32

ole32

oleaut32

sqlresld

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 44KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 44KB

.rsrc
Size: 80KB - Virtual size: 80KB