NEAS[.]05c5604b1b802900f9d08cb37b223ef0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.05c5604b1b802900f9d08cb37b223ef0_JC.exe
Size

66KB
MD5

05c5604b1b802900f9d08cb37b223ef0
SHA1

e032fff4b6b75fb34484890dea2de21709a2dc4c
SHA256

998d9e5d51d07e1eb3148d989a6217b1fa042fa8bff1cafde768bbea20ef56b4
SHA512

082cc8c95cd4630719fa031c911673e5ea549b10287e8dabcb76b3b3f355cdc4cbf72752a86a398e57f2c7e03c0b23623632b60052cfbcec8820e809f3061008
SSDEEP

1536:UqbM7GMP7a7SwByedy4AVwgkZ+LXd/ITOJhTp89:/M7dT1ayUA18+LXtha9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.05c5604b1b802900f9d08cb37b223ef0_JC.exe

Files

NEAS.05c5604b1b802900f9d08cb37b223ef0_JC.exe
.exe windows:4 windows x86

4c73b6d5b7a5eec26a334a94ea0a9250

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RegDeleteValueW
CreateProcessInternalA
GetSystemWindowsDirectoryA
TryAcquireSRWLockExclusive
GetProcessTimes
OutputDebugStringA
GetConsoleAliasW
DeleteVolumeMountPointW
GetVDMCurrentDirectories
EnumSystemFirmwareTables

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE