NEAS[.]2de48cde68fd2d7a7f1cb4988c7d59d0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2de48cde68fd2d7a7f1cb4988c7d59d0_JC.exe
Size

119KB
MD5

2de48cde68fd2d7a7f1cb4988c7d59d0
SHA1

29d05841918d8c84c4a46f09526f52fae194a295
SHA256

214d35b57b7835cc23220820dbcec28a15ec5cb3faf91f1fd94bf7193325a21b
SHA512

b78e2db9ba0dd761c7db201b86477a9ab43f6ef59f507b551683ed127efa71bba0bb0d680df13adc9c3802108fcc4940031da3fcf25e6559ff5dcbd29a609f93
SSDEEP

3072:UKUw0vqtnH1m8FPHyTphaQdEjDzC+r3bwEr1MD:4awcPihaQKDzC+r3zeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2de48cde68fd2d7a7f1cb4988c7d59d0_JC.exe

Files

NEAS.2de48cde68fd2d7a7f1cb4988c7d59d0_JC.exe
.exe windows:4 windows x86

71fe882accc8ada80ad676f171ce8dc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PrivMoveFileIdentityW
IsValidNLSVersion
PssDuplicateSnapshot
LoadAppInitDlls
FreeUserPhysicalPages
TermsrvGetWindowsDirectoryA
K32EnumProcessModulesEx
WerUnregisterAdditionalProcess
SetProcessAffinityUpdateMode

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE