NEAS[.]035a1b3b219c28fba2add02c6ea278f0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.035a1b3b219c28fba2add02c6ea278f0_JC.exe
Size

50KB
MD5

035a1b3b219c28fba2add02c6ea278f0
SHA1

3d7a97f4b829c73a0993f31d470bff16ad6920e7
SHA256

1dff21d958d6b1c5415edf1bf7ebd9110e27fb4a4eb9ffe86dd923dd0f441418
SHA512

e6bd51fe56a8677356b7a27e17e221bd55051c13751298a52d9c12480f21d1232ddda35127803b94ddb133f2b7d668bbbbd1691c37b82e07e8bbedcf9f649804
SSDEEP

384:xo8YFGqP5vXWvwWlzOOdc5HKiTs1X7YnByiOWzP7SREdxPPbhetK5JtPl:VYFp5vcPaJKxCnBywfPdzeIXPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.035a1b3b219c28fba2add02c6ea278f0_JC.exe

Files

NEAS.035a1b3b219c28fba2add02c6ea278f0_JC.exe
.sys windows:4 windows x86

71982b948e4810f6d6dc21f03cdd8741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwDeviceIoControlFile
IoFreeMdl
MmUnmapLockedPages
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ZwTerminateProcess
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 176B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ