Static task
static1
Behavioral task
behavioral1
Sample
NEAS.d14f459e1b83b8ee37bee0717f592de0_JC.exe
Resource
win7-20231020-en
General
Target: NEAS.d14f459e1b83b8ee37bee0717f592de0_JC.exe
Size: 333KB
MD5: d14f459e1b83b8ee37bee0717f592de0
SHA1: e2b181c003cd1d0f71ec6218fc007df29522d681
SHA256: 765c3a0a43de3286ac0134c142166adec07d41b8646d3619b81addb01e89317c
SHA512: 72dd05e5e84e3c6d3a8d28cfca91d7864d0e3dd9d91c8bf438a3ef1086181f1f2ab9b77ae7e5eba5dc88b1d68418ff306f25a80544befd71a3c5ed37eab3a1f1
SSDEEP: 6144:asgDYs7ivUxR3JyVVVhmb9ObGT4F53eRFM/O17x0M7unOuO5LvxkZ:asgESlJyrTI9O8aYR717x0M7/o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.d14f459e1b83b8ee37bee0717f592de0_JC.exe
Files
NEAS.d14f459e1b83b8ee37bee0717f592de0_JC.exe.exe windows:5 windows x86
a47ce5d99cbb64369bb7347a4fefab1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
GetDC
advapi32
RegCloseKey
shell32
ShellExecuteA
ws2_32
gethostbyaddr
iphlpapi
GetAdaptersInfo
wtsapi32
WTSRegisterSessionNotification
oleacc
LresultFromObject
gdi32
SaveDC
winspool.drv
OpenPrinterW
oleaut32
VariantClear
Sections
.MPRESS1 Size: 280KB - Virtual size: 568KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE