NEAS[.]7fb78888d2e84fb557736ce1acd68810_JC[.]exe | Triage

Sharing

General

Target

NEAS.7fb78888d2e84fb557736ce1acd68810_JC.exe
Size

30KB
MD5

7fb78888d2e84fb557736ce1acd68810
SHA1

c10c37b59a2557e6e5a8f73cf63a8e9a86bc7639
SHA256

c94eee7d532c6bc8ef97741173c233f5f3013ad57627997cfe9e5864415ac18a
SHA512

b7e73bc513fe6847fdb98945c69ba7d8d7cd6a59c55efd2b62cc95b82c5bbf2d2d745a9d75d52c0375f9735d0986fcd7cab3045deb6161bf926e1c128b48345a
SSDEEP

384:5KMtWZSj0oUFkGGiZqFxLMHfWDue9TCw7Or+fJoRbK8UnVtY:M3sjskyIFR0Su4vluYxD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7fb78888d2e84fb557736ce1acd68810_JC.exe

Files

NEAS.7fb78888d2e84fb557736ce1acd68810_JC.exe
.dll windows:4 windows x86

ffd6d256474b2ad41c0f7e66cf9c50cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfrts32

mFt_ld_tab_func_search
_mFg2star_init_dll
mFt_load_ldnames
CBL_RENAME_FILE
_mFerr
_mFentry
_mFargt
CBL_DELETE_FILE
CBL_CREATE_DIR
_mFg2star_fast
_mFgAE

kernel32

GetCurrentProcess
LoadLibraryA
VirtualAlloc
HeapFree
HeapAlloc
WriteFile
DisableThreadLibraryCalls
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
VirtualFree
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate

Exports

Exports

SGSUB161
XSGSUB161

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CBLLD2
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ