NEAS[.]058456abce52861c51f8ad19e6f0a750_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.058456abce52861c51f8ad19e6f0a750_JC.exe
Size

56KB
MD5

058456abce52861c51f8ad19e6f0a750
SHA1

1c5fc498d879b02ed1be92124d2bd00fe548b872
SHA256

14e87e7e754701fc3aeebae3d93a603da6ec4dca93cfcc36b6af89bf4ce0b7fb
SHA512

1022b6ff92fa26a4c61d2c07d332120e6710e87f98ff34a2f64b0e5970cc7ebf611659f49a8a853befec704590c93fb4599d03ebed7c9ecc79d090359c8b1c07
SSDEEP

768:1nTGiS6eb8MqPPa4NWZJLMfvYgHz1jJAFHx3XhewFp1x9UziTFHDURuunrSwn/pu:BAh8gg5JA/3xewFpVUOhDCfJBCDD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.058456abce52861c51f8ad19e6f0a750_JC.exe

Files

NEAS.058456abce52861c51f8ad19e6f0a750_JC.exe
.exe windows:4 windows x86

b10ea49a46a497c0149d1b8437c0a230

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleInputExeNameA
VDMOperationStarted
BaseProcessInitPostImport
IsWow64Process
GetConsoleFontSize
OpenJobObjectW
GetTapePosition
ReadConsoleInputExA
GetCPInfoExA
RegisterConsoleVDM
CreateHardLinkW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE