NEAS[.]7824cfa512a5308675d2600086c71450_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7824cfa512a5308675d2600086c71450_JC.exe
Size

119KB
MD5

7824cfa512a5308675d2600086c71450
SHA1

5a06c7880fe7aead4231b50887a86d14c40c6ce5
SHA256

4f161f959663427f1e9b03e0acd0a7b342ed22634cf02c43185908c9477f011c
SHA512

521fd63e6e05a4a6ced0c1bf1b932266260086fd1ccd138b4a90740d251c49b4abba76a8d57d923edbb3b49ad26377b8c68c43c5292f399ab6da4a907298956f
SSDEEP

3072:ZRBgR2cb4Q7o/ZL1wJThlzLTnGDDa7Ky+JqgBdnB:ZLW4txZwJThV6DDgTgBdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7824cfa512a5308675d2600086c71450_JC.exe

Files

NEAS.7824cfa512a5308675d2600086c71450_JC.exe
.exe windows:4 windows x86

37f7bf29ae78a80c00de24f4ca55f7fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSymbolicLinkA
SetNamedPipeHandleState
NeedCurrentDirectoryForExePathW
BasepGetExeArchType
GetAppContainerAce
EncodePointer
GetFileType
CheckElevation
IdnToAscii
IsWow64Process2
GetNumaProximityNodeEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE