NEAS[.]0154e71e0ef9f62bff50e6d27f851190_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0154e71e0ef9f62bff50e6d27f851190_JC.exe
Size

812KB
MD5

0154e71e0ef9f62bff50e6d27f851190
SHA1

8106711ca7bdd6bc8c215c68a40576e2b74f51c0
SHA256

cd91824ba96a4c3196a98a62632310bf5fdd4b23c1fa60f9d64791a95f96436b
SHA512

ac81e9c1601efe5bc1b7d3e7fd9e26ff8d51423f4fc2eb6482347d3750f62e2fb86870a18e292b6052e1d52f2923d618c9ad2ab7144fefbc4bf7e3c7f7a00823
SSDEEP

12288:xjsyTirP53P0G79airEf6T4FGxbM4krlpG/k:xNM53P0irEf6TRVsDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0154e71e0ef9f62bff50e6d27f851190_JC.exe

Files

NEAS.0154e71e0ef9f62bff50e6d27f851190_JC.exe
.exe windows:4 windows x86

c1b1a74224037a14daa87c5cd657fe34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfW
StrStrIA
SHDeleteKeyA

xiontags

XionTagsGetArtist
XionTagsGetAlbum
XionTagsGetYear
XionTagsGetTrack
XionTagsGetGenre
XionTagsGetComment
XionTagsRemoveTags
XionTagsResetInformation
XionTagsSetAlbum
XionTagsSetArtist
XionTagsSetComment
XionTagsSetGenre
XionTagsSetTitle
XionTagsSetTrack
XionTagsSetYear
XionTagsCreateUserFormattedString
XionTagsReadTagInformation
XionTagsWriteTagInformation
XionTagsGetTitle

comctl32

ImageList_ReplaceIcon
ord17
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy

kernel32

LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
InterlockedExchange
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetVersion
CreateMutexA
ReleaseMutex
GetCurrentThreadId
GetLastError
ExpandEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
DeleteFileA
MulDiv
GetFileAttributesA
Sleep
FreeLibrary
GetCurrentProcess
lstrlenA
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA

user32

DialogBoxParamA
CreateDialogParamA
GetDoubleClickTime
BeginDeferWindowPos
EndDeferWindowPos
TranslateAcceleratorA
LoadAcceleratorsA
DeferWindowPos
SetClassLongA
IsWindowVisible
EndDialog
GetClassInfoExA
UnregisterClassA
OffsetRect
RegisterWindowMessageA
RegisterClassExA
DefWindowProcA
SetTimer
CreateWindowExA
SystemParametersInfoA
KillTimer
IsIconic
GetThreadDesktop
GetUserObjectInformationA
RegisterHotKey
MapVirtualKeyA
GetKeyNameTextA
UnregisterHotKey
InsertMenuItemA
GetMenuStringA
CheckMenuItem
GetMenuItemInfoA
DestroyMenu
RemoveMenu
CreatePopupMenu
GetWindowLongA
SetWindowLongA
LoadImageA
UpdateWindow
GetWindowTextA
LoadMenuA
GetSubMenu
TrackPopupMenu
FrameRect
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemID
SetMenuDefaultItem
FillRect
DrawIconEx
DrawStateA
DrawTextA
DestroyIcon
GetDC
SetWindowTextA
RedrawWindow
GetAsyncKeyState
GetCursorPos
GetSysColor
GetDlgItem
DestroyWindow
SetForegroundWindow
GetSystemMetrics
GetWindowRect
ScreenToClient
ShowWindow
LoadIconA
SendDlgItemMessageA
MessageBoxA
SetFocus
PostQuitMessage
SetWindowPos
FindWindowA
PostMessageA
FindWindowExA
SendMessageA
GetMessageA
IsDialogMessageA
GetForegroundWindow
IsWindow
TranslateMessage
DispatchMessageA
DrawTextExA
InvertRect
EnableWindow

gdi32

GetTextMetricsA
SetTextColor
SetBkMode
CreateRectRgn
CreateSolidBrush
GetObjectA
DeleteDC
CreateCompatibleDC
OffsetViewportOrgEx
GetTextFaceA
SelectClipRgn
SetBkColor
GetStockObject
SetMapMode
GdiFlush
CreateDIBSection
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
CreatePen
MoveToEx
LineTo
GetDeviceCaps
SetViewportOrgEx
DeleteObject
CreateFontA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
GetUserNameA
GetTokenInformation
OpenProcessToken
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA
SHChangeNotify
ExtractIconExA

bass

BASS_ChannelGetPosition
BASS_ChannelPlay
BASS_ChannelSetAttribute
BASS_ChannelRemoveSync
BASS_Free
BASS_ChannelSetFX
BASS_ChannelIsActive
BASS_StreamGetFilePosition
BASS_ChannelGetLength
BASS_StreamFree
BASS_MusicFree
BASS_StreamCreateURL
BASS_ChannelSetSync
BASS_StreamCreateFile
BASS_MusicLoad
BASS_ChannelPause
BASS_ChannelGetTags
BASS_GetDeviceInfo
BASS_ChannelGetLevel
BASS_ChannelGetAttribute
BASS_ChannelGetData
BASS_ChannelSetPosition
BASS_ChannelSeconds2Bytes
BASS_ChannelGetInfo
BASS_FXSetParameters
BASS_ChannelStop
BASS_ChannelBytes2Seconds
BASS_ChannelRemoveFX
BASS_PluginGetInfo
BASS_PluginLoad
BASS_SetConfigPtr
BASS_SetConfig
BASS_Init
BASS_ErrorGetCode

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Nomemory@std@@YAXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcr71

??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memmove
strncat
strrchr
strncpy
sprintf
atoi
_purecall
__RTDynamicCast
??_V@YAXPAX@Z
atof
strstr
_snprintf
fclose
fwrite
fopen
strcspn
strtok
fread
ftell
fseek
strchr
strncmp
_beginthread
free
realloc
__p___argv
__p___argc
time
malloc
exit
_mbscmp
_mbsnbcpy
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp
_itoa

bass_fx

BASS_FX_GetVersion

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1b1a74224037a14daa87c5cd657fe34

Headers

File Characteristics

Imports

shlwapi

xiontags

comctl32

kernel32

user32

gdi32

advapi32

shell32

bass

msvcp71

msvcr71

bass_fx

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 17KB

.shr Size: 4KB - Virtual size: 4B

.rsrc Size: 500KB - Virtual size: 498KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 17KB

.shr
Size: 4KB - Virtual size: 4B

.rsrc
Size: 500KB - Virtual size: 498KB

.rmnet
Size: 60KB - Virtual size: 60KB