NEAS[.]e3c6114a95a6b27415489aca0419f1c0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e3c6114a95a6b27415489aca0419f1c0_JC.exe
Size

119KB
MD5

e3c6114a95a6b27415489aca0419f1c0
SHA1

5d85d4a1674c70feefdf6a40ffebbbb6b44acd95
SHA256

7ce39b504105b9c818dfc70a56cddcce35004aef0b033ab4ac1b6ce087540a84
SHA512

25d36f7343f02e011e8cf2132c1099a8a55eb88de7fdf73289d322ed727de9c307a4064be81c5fd65d6cf4695b4e8db7e402c54f4aa6088e8b7aa4e0da13c531
SSDEEP

3072:KMPkl/aqJmi6J5NU+B7U+V0ufe5cJNN6TQbLsi4OQdrd44FS:KMU//iJ5Nn7UZu04NNiQkxOQdrdDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e3c6114a95a6b27415489aca0419f1c0_JC.exe

Files

NEAS.e3c6114a95a6b27415489aca0419f1c0_JC.exe
.exe windows:4 windows x86

49c693b0088e365c7354bf78dd98018f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenThreadToken
NormalizeString
UnregisterApplicationRestart
CallNamedPipeW
SetSystemPowerState
GetFileAttributesExA
GetFinalPathNameByHandleA
GetProcessIoCounters
_hwrite
CloseConsoleHandle

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE