NEAS[.]ee688bf523a60e97347d00eb6f2e20ea_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ee688bf523a60e97347d00eb6f2e20ea_JC.exe
Size

464KB
MD5

ee688bf523a60e97347d00eb6f2e20ea
SHA1

862ec3cedd5ea6e9e70d46dd9ca2de7de87ea7cd
SHA256

1068c99ab7715b60423341c52e9c58361e69b88e636b3f67dd5aeb4d1f6dd2de
SHA512

9e9c3d7be0c147ecd8f71c03196ed42611320aef7cd0b1e48d1fa11b5a14cc996c56258656b5454ba5774a8719b017fd4a0cd3fea1e14a34a853e70332b7da38
SSDEEP

12288:olJ+TFukCI+P9CcrmwEuBwUqA5qFbAGTALHaspI:00U9CcrmwEPA5qFxT7CI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ee688bf523a60e97347d00eb6f2e20ea_JC.exe

Files

NEAS.ee688bf523a60e97347d00eb6f2e20ea_JC.exe
.exe windows:5 windows x86

46b9336adb2f672dcc7203d78b439246

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

DestroyMenu

advapi32

RegQueryValueExW

shell32

ShellExecuteW

ws2_32

recv

iphlpapi

GetAdaptersInfo

oleacc

LresultFromObject

gdi32

DeleteDC

winspool.drv

DocumentPropertiesW

oleaut32

VariantClear

Sections

.text
Size: 456KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE