NEAS[.]01a0920d08f81c787f4dd054a66cc850_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.01a0920d08f81c787f4dd054a66cc850_JC.exe
Size

36KB
MD5

01a0920d08f81c787f4dd054a66cc850
SHA1

b50a0a4d4bb2a8f9849b697d1e3140641f71beea
SHA256

aa5b7f697e622ea889dc7eb0201f45a20875177a444b6f26f1019e3be5d1f605
SHA512

c00bbf100a48187314fbd328a34713a97ef811aba2256c6baf06f09ad22d114fc37c2c132fc642d0453d1982199fcfb4a0dcbf385a799d976851139337206ec1
SSDEEP

768:SdxTBHrAKdQT1Bh6E4iZFMIapdUuTS+gBufqtqfIBPhW:SLBHFdQT1hRMIaU+IW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.01a0920d08f81c787f4dd054a66cc850_JC.exe

Files

NEAS.01a0920d08f81c787f4dd054a66cc850_JC.exe
.exe windows:4 windows x86

4f82b42c6060ed5c2b09621730b82fb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RevertToSelf

winmm

midiStreamPause

mpr

WNetConnectionDialog

msvbvm60

MethCallEngine
Zombie_QueryInterface
EVENT_SINK_AddRef
ord673
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord644
ord100
ord652
ord545

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ