NEAS[.]ec42f32a2616626cca1b7e7850067cf0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ec42f32a2616626cca1b7e7850067cf0_JC.exe
Size

434KB
MD5

ec42f32a2616626cca1b7e7850067cf0
SHA1

2492d4f103134c7d0b0beb516562b45bbfb9d1d9
SHA256

36b0419eb211e39e50193eca120c0002e45dbee0c5d75fb533784ba4871136f5
SHA512

a3f7113cd98ce29683a967e99600880742e35d4d9f91a180a99d47ff941446d093e2ab94c66c00b0d53bd3c5394b64544e3140d11bc2bf0aa8274c8c6c351bad
SSDEEP

6144:4l/xT038JxNpgI0t2eLlPmWfus4eLLx0HMOizIYxjSlP8tiwkeesZBYWEn:4lN03AHgPZfus4eLLoMOiMYxe8YJWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ec42f32a2616626cca1b7e7850067cf0_JC.exe

Files

NEAS.ec42f32a2616626cca1b7e7850067cf0_JC.exe
.exe windows:5 windows x86

cd1a4a93539c1890174aba17ace7ccc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

LoadIconW

advapi32

RegSetValueExW

shell32

ShellExecuteW

ws2_32

WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 426KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE