NEAS[.]120e14889dcd4877cff4a0ee8bb26940_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.120e14889dcd4877cff4a0ee8bb26940_JC.exe
Size

66KB
MD5

120e14889dcd4877cff4a0ee8bb26940
SHA1

7d799c86c89ea9b0bbcee7b5132873605f88488f
SHA256

15359eca47a8524d1019d70fd9b2435e24fd3fab1017b63da4650b2f8ce103a1
SHA512

4ead13fde13ace7eeecbd3e1c623db48fc6843f359d6753609109006fad758b27fada8dc5606c4dc739b691ca15724feb585703436282de489adbb734f320549
SSDEEP

1536:5DZalg6Q2TcfmGdsqw6puJ/ObmXqg8F4Q4:h6xcfmaw/ObmXqTF47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.120e14889dcd4877cff4a0ee8bb26940_JC.exe

Files

NEAS.120e14889dcd4877cff4a0ee8bb26940_JC.exe
.exe windows:4 windows x86

82ef7487718ee49ad99faede54b951e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUserGeoID
PssWalkMarkerGetPosition
SetConsoleMode
SetMailslotInfo
CreateFileA
CompareCalendarDates
OpenProcessToken
SetCalendarInfoA
WriteConsoleInputVDMW
GetVolumePathNameA
OpenFileById

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE