NEAS[.]ac49688d0dd62ecb1948645e517949290fd894fcc3ca0ebc9b0314df51172582_JC[.]exe | Triage

Sharing

General

Target

NEAS.ac49688d0dd62ecb1948645e517949290fd894fcc3ca0ebc9b0314df51172582_JC.exe
Size

5.0MB
MD5

81c9d1f3fd0701f43f9fb7d7760bac4b
SHA1

f7ac2c2ffc44a7a8cfcc2bb3655a708a119a6ff9
SHA256

ac49688d0dd62ecb1948645e517949290fd894fcc3ca0ebc9b0314df51172582
SHA512

30c1650ab2eff2ef8f19739d84b94c2a5bca3fa0b5fb48cfb540461a7151b06a73dd91197dc19b5fa47a2c8defc8ca50019601c614e65c86f51ccada98a75625
SSDEEP

98304:6lP22sn+Dpwn/0r9IYdap2OniKAIfdT5P0IfSWdxNOXFHF5TGc21lasaaC:6lbpwnyv4p2OiEVMcPvNOXVF5p21lad

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ac49688d0dd62ecb1948645e517949290fd894fcc3ca0ebc9b0314df51172582_JC.exe

Files

NEAS.ac49688d0dd62ecb1948645e517949290fd894fcc3ca0ebc9b0314df51172582_JC.exe
.exe windows:4 windows x86

c4d1f5a193b3592633b5c924730d7a75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

LoadStringW

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

gdi32

DeleteObject

comctl32

InitCommonControlsEx

wininet

InternetOpenA

gdiplus

GdipSetClipRegion

atl

ord42

shlwapi

PathRemoveFileSpecW

crypt32

CryptStringToBinaryW

msimg32

AlphaBlend

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 5.0MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE