NEAS[.]f7f54b699d6526a633b1b3a3ce9fc8e6_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f7f54b699d6526a633b1b3a3ce9fc8e6_JC.exe
Size

180KB
MD5

f7f54b699d6526a633b1b3a3ce9fc8e6
SHA1

80f3916c33625613ea6ae5b8dc4783ff62d72c74
SHA256

16ad269a2b97c33f7b0bbfa04aa018d09e853655a403d2495c7b8c8cee0cfae8
SHA512

e903cb526e8f2aa44abfa6ef15beba98bc35b3dca3f22a89d9cc9026437394ae78beb6bbbf45913ddd57ba0eca838b14ddd452652ab2c4fc2485c3a47489a238
SSDEEP

3072:p8zsq+wXfsPDRJt8lPuRYr8WkRAml7Q4fnT74KAxrs0SHbU8kO90b6Cx:+KwXfsPr5pAW7QbKAx8HbUzOGjx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f7f54b699d6526a633b1b3a3ce9fc8e6_JC.exe

Files

NEAS.f7f54b699d6526a633b1b3a3ce9fc8e6_JC.exe
.exe windows:4 windows x86

d3096358df5e27c52e7e0b56f3475184

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameW
GetVersion
GetFileAttributesA
InterlockedDecrement
SetThreadContext
DeleteCriticalSection
GetProcAddress
MultiByteToWideChar
EnumResourceNamesA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
ExitProcess
lstrcpynA
InitializeCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
GetLocaleInfoA

clusapi

CloseCluster

user32

SetWindowRgn
UnregisterClassA
GetDlgItem
PtInRect
GetWindowRect
MoveWindow
EndPaint
SetDlgItemTextA
GetKeyState
LoadAcceleratorsA
GetActiveWindow
BeginPaint
OffsetRect
SetWindowLongA
DefWindowProcA
GetDC
SetFocus
DestroyWindow
EqualRect
IntersectRect
CharNextA
ReleaseDC
SetParent

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ