NEAS[.]16517cc4b976604f3b9c292b6ef98760_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.16517cc4b976604f3b9c292b6ef98760_JC.exe
Size

170KB
MD5

16517cc4b976604f3b9c292b6ef98760
SHA1

9d66ccc016c6c1a74f0f4a4340929ad60a093ce1
SHA256

bebd4bd78d05afe1b2b9ddf9aa327169976d59adaffe100754ac1d9fad261a49
SHA512

e0cd856d864389e19353c1d026286048dab51e4380c74c4d0463c1605e867acc21d1ff2ee48154e209b11caa647152b19b8a0a8626688c6e25442cb589025347
SSDEEP

3072:clEJU0+tM2SlXxIh478B6QhgfoRYy/UoDRvoGZpboX9:oEGpt8lX+hfbgMYyJRvoL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.16517cc4b976604f3b9c292b6ef98760_JC.exe

Files

NEAS.16517cc4b976604f3b9c292b6ef98760_JC.exe
.exe windows:4 windows x86

ef03393d2cd23b0da64f9a6ab6940eab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

kernel32

DeleteCriticalSection
RtlUnwind
GetOEMCP
GetCalendarInfoW
HeapSize
SetEndOfFile
HeapDestroy
ExitProcess
VirtualFree
InitializeCriticalSection
GetCPInfo
GetStartupInfoA
EnumResourceNamesA
RaiseException
SetFilePointer
HeapReAlloc
IsValidCodePage
FreeEnvironmentStringsA
EnterCriticalSection
HeapCreate
LeaveCriticalSection
GetACP
ReadFile

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoGetMalloc
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoQueryProxyBlanket
CoTaskMemFree
CoInitializeEx
StringFromGUID2

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ