NEAS[.]13cf5204c2747f807f7597e97ef8bef0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.13cf5204c2747f807f7597e97ef8bef0_JC.exe
Size

6KB
MD5

13cf5204c2747f807f7597e97ef8bef0
SHA1

2da97901c1eff7c38a89c61f98a6c774142cbf2b
SHA256

8a7d63410f93c8a1ce4dfe8df3a5129c21b1d650fe989524e875fd91c848a61e
SHA512

e0a118d2902f69b641d48c0c0168b2341f518b372f10f3519fd254e6e209b93b095e4e87bc008a0d25462f846273dcab05496b8fbd8d299d02abc7b80b226e53
SSDEEP

48:6GctHHWX7LHGrmIj1AEst4Sc+zzuEL/NgNpTrg79Yo0FhFl9orworj:ktH2X7CmIR2t4SN7/NgPTrZoCzXor

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.13cf5204c2747f807f7597e97ef8bef0_JC.exe

Files

NEAS.13cf5204c2747f807f7597e97ef8bef0_JC.exe
.exe windows:4 windows x64

78df642bae6de798e909c05a28796df8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetSystemTime
Sleep
ExpandEnvironmentStringsA

msvcrt

memmove
printf
system
_vsnprintf
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit

urlmon

URLDownloadToFileA

snmpapi

SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilVarBindCpy
SnmpUtilOidFree
SnmpUtilPrintOid
SnmpUtilPrintAsnAny
SnmpUtilMemReAlloc
SnmpUtilOidNCmp
SnmpUtilOidToA
SnmpUtilIdsToA
SnmpUtilOctetsNCmp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ