NEAS[.]3e9b1567f67bd130cf0e8b8550a82d00_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3e9b1567f67bd130cf0e8b8550a82d00_JC.exe
Size

1.8MB
MD5

3e9b1567f67bd130cf0e8b8550a82d00
SHA1

c103e8727a8e4d2567ddccc07508a70b714beeb4
SHA256

4637bdd6bffaecd8b2a54d2ec09edac7cd2751c83ea7230ca91c797848e9aa57
SHA512

c2a630f9efb5033038dc5202a030a1581b74d33cb2971e242a51b7026724a5ff399b6a2f7dbf09b19fed8ea027204b92f2d24f6a249d171f99ff53532229b13a
SSDEEP

49152:NZRikCueXCZpsZofarZrobGoWbY7gH+/GQ34NgvV:rRJCuaCfoofGE1W1H+eG7V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3e9b1567f67bd130cf0e8b8550a82d00_JC.exe

Files

NEAS.3e9b1567f67bd130cf0e8b8550a82d00_JC.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ