NEAS[.]df55da2ecd7022d5966adca261e18d71_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.df55da2ecd7022d5966adca261e18d71_JC.exe
Size

24KB
MD5

df55da2ecd7022d5966adca261e18d71
SHA1

7e06a961c043f39f830afee34c00bfeec2647665
SHA256

294e10317248c16a5847be3841501d5988e2a8a5989c193b671d9dba70be67a8
SHA512

a6d1bc5571c730a775efc83ea3eba5ac3b99460ce2ab24b9305298d9bdfa01bedc10c5c3b1d629b99932ea14bceec4955b9b98a22658b8660517afe4d75a0cf2
SSDEEP

384:bTuicWAPOIWZ0cckLP2dU5U9fJHbI6nWdczSCjIdfMKZyt09jwntmHTjlGuWtvW/:bTiOIccsP2ycf2pdysDZyG9jbz3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.df55da2ecd7022d5966adca261e18d71_JC.exe

Files

NEAS.df55da2ecd7022d5966adca261e18d71_JC.exe
.exe windows:4 windows x86

b585813c0c9ea438942c591d7a22c76d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

NotifyAddrChange
GetAdaptersAddresses
GetAdaptersInfo
NotifyRouteChange

ws2_32

getaddrinfo
WSAIoctl
WSAAddressToStringW
WSAStringToAddressA
WSASendTo
WSAAddressToStringA
WSASocketW
WSAEventSelect
WSALookupServiceNextW
freeaddrinfo
WSARecvFrom
getnameinfo
WSALookupServiceBeginW
WSALookupServiceEnd

kernel32

DeviceIoControl
ReadFile
GetProcAddress
GetCurrentProcess
HeapFree
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
MultiByteToWideChar
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
ReleaseMutex
CreateTimerQueueTimer
HeapCreate
RegisterWaitForSingleObject
CreateEventW
WideCharToMultiByte
InterlockedExchange
UnregisterWaitEx
WaitForSingleObject
DeleteTimerQueue
FreeLibrary
WriteFile
GetCurrentThreadId
LoadLibraryW
CreateMutexA
VirtualAlloc
UnregisterWait
ChangeTimerQueueTimer
QueueUserWorkItem
ExpandEnvironmentStringsW
Sleep
BindIoCompletionCallback
DeleteTimerQueueTimer
HeapAlloc
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetCurrentProcessId
DeleteCriticalSection
InterlockedDecrement
EnterCriticalSection
CreateFileW
SetEvent
InterlockedIncrement
QueryPerformanceCounter
GetComputerNameExW
GetLastError
GetTickCount
SetLastError
HeapDestroy

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

RtlGUIDFromString
NtWaitForDebugEvent
RtlAdjustPrivilege

msvcrt

_wcsicmp
wcscpy
strlen
free
wcslen
swprintf
memcmp
_initterm
_adjust_fdiv
_except_handler3
wcsncpy
memset
malloc
memmove
wcscat
memcpy
wcschr
wcscmp

dnsapi

DnsReplaceRecordSetW

advapi32

RegCloseKey
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyExW
RegisterServiceCtrlHandlerW
CryptGenRandom
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
SetServiceStatus

ddraw

DirectDrawCreate

Sections

.text
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b585813c0c9ea438942c591d7a22c76d

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

kernel32

ole32

mswsock

ntdll

msvcrt

dnsapi

advapi32

ddraw

Sections

.text Size: 1024B - Virtual size: 892B

.rsrc Size: 1KB - Virtual size: 1KB

.data Size: 16KB - Virtual size: 80KB

.rdata Size: 512B - Virtual size: 224B

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 892B

.rsrc
Size: 1KB - Virtual size: 1KB

.data
Size: 16KB - Virtual size: 80KB

.rdata
Size: 512B - Virtual size: 224B

.idata
Size: 3KB - Virtual size: 3KB