NEAS[.]efe6c0fe4d1d792796689c70eeb78ec0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.efe6c0fe4d1d792796689c70eeb78ec0_JC.exe
Size

119KB
MD5

efe6c0fe4d1d792796689c70eeb78ec0
SHA1

0f6708dc8b0ef072f43dcefe5aaab0e8685b9941
SHA256

e973fe1adb4c4b42d28f26da9a67dbad1b148a7d134ba72253fc9c3e9e5908c7
SHA512

62f821201170ac32eb979f49b1d16d60d2898ea5b1719666faea6c4739ccb79a9f41b161247a2f24aa558883d2d58104f2736ddfb4d590832714aaa19f20901c
SSDEEP

1536:xbDzrNdwXOLLDpfbvzfnGWXFXEpD3QaVIgdgbZ9ntUF1DCGsurt5rtMbj8Matacv:dDz9pDvTlFX4DgaVIgdMZvoYDurtjKqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.efe6c0fe4d1d792796689c70eeb78ec0_JC.exe

Files

NEAS.efe6c0fe4d1d792796689c70eeb78ec0_JC.exe
.exe windows:4 windows x86

d8a1ee2c2c16dfb91fc37d636285766d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelTimerQueueTimer
DosPathToSessionPathA
SignalObjectAndWait
IsNativeVhdBoot
SuspendThread
SetComputerNameA
SetConsoleMode
GetStartupInfoW
IsBadStringPtrW
FlsGetValue
IsBadHugeWritePtr

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE