NEAS[.]09aedc68652b408d9303dd2726ee4ae0_JC[.]exe | Triage

Sharing

General

Target

NEAS.09aedc68652b408d9303dd2726ee4ae0_JC.exe
Size

66KB
MD5

09aedc68652b408d9303dd2726ee4ae0
SHA1

d9102fd3e6166cbbab5f63e3589b50322c5e391e
SHA256

3f263d4ab724e998a6ecf58c96d6ac5d4e4f4dcdfac13fbb060ac8add46ba32d
SHA512

6f991d766319a29a6a2e90e5f557edf35fdf7b94b3453f0b3476a9d65d889d26cf9a8ff7206f176c2fbc5eafe43cef4c6b2d09ff19876e9201f1e04d39b0eba4
SSDEEP

1536:jWg5mnAB4K9jND8dbZlBD5Wa2tDf+C3ydHG:jIAGmDOlN5Fqr/3ydm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.09aedc68652b408d9303dd2726ee4ae0_JC.exe

Files

NEAS.09aedc68652b408d9303dd2726ee4ae0_JC.exe
.exe windows:4 windows x86

a4bf2e4055f1189db5962711497a3231

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekConsoleInputA
LZDone
FindStringOrdinal
lstrcmpW
SetThreadToken
BaseWriteErrorElevationRequiredEvent
SetCachedSigningLevel
EraseTape
GetModuleFileNameA
CreateFileMappingNumaA
GetSystemDEPPolicy

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE