NEAS[.]1af291186315aa59efc7b8eb0c30adf0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1af291186315aa59efc7b8eb0c30adf0_JC.exe
Size

212KB
MD5

1af291186315aa59efc7b8eb0c30adf0
SHA1

f596e56798210edd883a2d5f8f9d003cd4255923
SHA256

eea5e4de4493983505203bafccdfea0d73247dc827536e964ff8b8846cf6e7e9
SHA512

7f5bf3daad4550f700354410e29aceb74e4a93dbf4bf0b683e76d9cb0c516fc4e699730fd5469c86d620ecbac8fe187afccac83978e7ea626fbe61a5718012cc
SSDEEP

3072:Jv/IL44frgyGGqB/QH1VdzDu43d/9gCOuMHCV+yXSD7ihxrG/AIqfc6KpYffLT:VAU40GqVQV9tirCVcXinG/Af0ZSffL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1af291186315aa59efc7b8eb0c30adf0_JC.exe

Files

NEAS.1af291186315aa59efc7b8eb0c30adf0_JC.exe
.exe windows:4 windows x86

fc2348e5cba0fcca8012f922614733e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetActiveWindow
SubtractRect
DialogBoxParamA
EqualRect
ToAscii
DialogBoxIndirectParamA
AttachThreadInput
GetClassInfoExA
GetClipboardFormatNameA
GetClipboardOwner
OemKeyScan
SetKeyboardState
GetKeyState
SetDoubleClickTime
DdePostAdvise
GetMessageA
GetMessageTime
DdeAbandonTransaction
DdeFreeDataHandle
GetSysColor
LoadAcceleratorsA
SetWinEventHook
ClipCursor
CreateMenu

msvcrt

_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_open
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
_adjust_fdiv
_c_exit

lz32

LZSeek
LZStart
LZDone

version

GetFileVersionInfoW

kernel32

GetStartupInfoA
GetModuleHandleA
GetSystemDirectoryW
GetPrivateProfileIntW
GlobalUnfix
GetPrivateProfileSectionNamesW
GlobalDeleteAtom
GetCurrentThread
HeapAlloc
ConnectNamedPipe
GetStdHandle
GetLongPathNameA

advapi32

LsaEnumerateTrustedDomains
RegOpenKeyA
LsaQueryTrustedDomainInfo
LsaLookupSids
DecryptFileA
LsaSetInformationPolicy
RegOverridePredefKey
LsaDeleteTrustedDomain
ReadEventLogA
LsaQueryInformationPolicy
LogonUserA
LsaEnumerateAccountRights
ObjectOpenAuditAlarmA

comctl32

PropertySheetW
ord13
ImageList_Merge
ord14
ord17
InitializeFlatSB
ImageList_DragLeave
ImageList_BeginDrag
FlatSB_EnableScrollBar
ImageList_GetIconSize
FlatSB_SetScrollRange
ImageList_Copy
FlatSB_SetScrollProp
ImageList_Create
ImageList_DragEnter
DestroyPropertySheetPage
ord5
FlatSB_GetScrollPos
ImageList_AddMasked
CreatePropertySheetPageA
FlatSB_SetScrollPos
ImageList_Destroy
FlatSB_GetScrollInfo
ImageList_GetImageCount
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_DragMove
ImageList_DragShowNolock

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc2348e5cba0fcca8012f922614733e8

Headers

File Characteristics

Imports

user32

msvcrt

lz32

version

kernel32

advapi32

comctl32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 160KB - Virtual size: 1.2MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 160KB - Virtual size: 1.2MB

.rsrc
Size: 12KB - Virtual size: 11KB