NEAS[.]ff0d0c584ce96284d424e0888260c570_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ff0d0c584ce96284d424e0888260c570_JC.exe
Size

141KB
MD5

ff0d0c584ce96284d424e0888260c570
SHA1

17a4e96b555f6fbf5ff9b4b6ccf9fcc679771f8d
SHA256

e9099b6a5bb6c8f5784d7f2382d4624319b7c6cf58c4ac8beb50dbdc643ab4a7
SHA512

6534081117cf5c19ed1c141465e29877bf4bd575db43ab123a2c9be50dc3df1c936afbbf681d31f070e3fd79a1184cc14ce23657fed5b170a7f3101d251dc480
SSDEEP

3072:ixWn3Y8m7+lewyxFrbDmPLDYQ+KcZCN9vRYrkz9GSZ:Vrm7uewyxVvmP/YQBdpQSL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ff0d0c584ce96284d424e0888260c570_JC.exe

Files

NEAS.ff0d0c584ce96284d424e0888260c570_JC.exe
.exe windows:1 windows x86

787ec1164b7a2aa815cdc60c2ca62db9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
lstrcpyA
lstrcmpA
lstrcatA
lstrcmpiA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
lstrlenA
ReadFile
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
InterlockedIncrement
InterlockedDecrement

user32

RegisterClassA
LoadStringA
wsprintfA

framedyn

?GetBufferSetLength@CHString@@QAEPAGH@Z

ole32

CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.reloc
Size: 206B - Virtual size: 206B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ