NEAS[.]e1a2a1c53e354d9016e68b16b86ae570_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e1a2a1c53e354d9016e68b16b86ae570_JC.exe
Size

335KB
MD5

e1a2a1c53e354d9016e68b16b86ae570
SHA1

62a022d0b9144be71b03309c56cc12476dbde5d7
SHA256

338020cc7738004c83f572748f7bd79cefce6bd7f18a044c55fba7a2e6b6aa1b
SHA512

42f9b995d638269f95c951b1e3a010bba271ed73d623c18ac877ecf54b0a63ca9e2ea6ed8105d2ce487fe82d35fb0cae055e43d3f99fc2b3517aa4ae20308d2f
SSDEEP

6144:u8hgMx7IFKwIG59FjpdqPnDyuosB5N9JHIvgZb+lWc1Gimn:thHx7IFKLGPFjpdqPnDyjslYzocQJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e1a2a1c53e354d9016e68b16b86ae570_JC.exe

Files

NEAS.e1a2a1c53e354d9016e68b16b86ae570_JC.exe
.dll regsvr32 windows:6 windows x86

a6eb081b99f7c1260bc73f99477730c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mswstr10

ord2
ord1

kernel32

WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
SetThreadPriority
ResumeThread
GetSystemInfo
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
GlobalMemoryStatus
GetComputerNameA
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentThreadId
IsDBCSLeadByte
GetSystemDefaultLangID
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
GetTempPathW
SetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GetShortPathNameA
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcAddress
GetStringTypeW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
RtlUnwind
HeapReAlloc
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetLocalTime
GetLastError
CloseHandle
WriteFile
UnlockFile
SetFilePointer
ReadFile
LockFile
GetFileType
GetFileSize
GetFileInformationByHandle
FlushFileBuffers
FindClose
Sleep
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6eb081b99f7c1260bc73f99477730c1

Headers

DLL Characteristics

File Characteristics

Imports

mswstr10

kernel32

advapi32

Exports

Exports

Sections

.text Size: 313KB - Virtual size: 312KB

.data Size: 7KB - Virtual size: 15KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 313KB - Virtual size: 312KB

.data
Size: 7KB - Virtual size: 15KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 10KB - Virtual size: 10KB