NEAS[.]cc54fe52391e15dfa040a67ef626a190_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cc54fe52391e15dfa040a67ef626a190_JC.exe
Size

119KB
MD5

cc54fe52391e15dfa040a67ef626a190
SHA1

423eccdfe62e62d7bfd7a0168b7e07d2b68a58b3
SHA256

f878048d239d21d625e9f08f88ac2d72a3c91bfd56bce154eead7ecaf2798633
SHA512

88d02cd354dedb63421100be057685a05e7736215430868ea80e7349a7a56fc742facf7455450e9ef945cac9e080a32418446412e7868662485a9794883eded0
SSDEEP

3072:XyqvHFeu3dCoXpSVPWi64D0USOtoa4wfxPDS29E5TZpF:iqvlecdCoMVOy0USOtoa4wfBDS2C5TZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cc54fe52391e15dfa040a67ef626a190_JC.exe

Files

NEAS.cc54fe52391e15dfa040a67ef626a190_JC.exe
.exe windows:4 windows x86

0766b74be65b7b61a6d5a405a6254991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnregisterWait
IsEnclaveTypeSupported
GetGeoInfoEx
GetCurrencyFormatW
LoadLibraryExW
GetHandleContext
CheckNameLegalDOS8Dot3W
RegDeleteTreeA
WerRegisterMemoryBlockWorker
RegDeleteKeyExW
RegisterApplicationRecoveryCallback

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE