NEAS[.]61f479b72c9e83c77fc2b19250288750_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.61f479b72c9e83c77fc2b19250288750_JC.exe
Size

53KB
MD5

61f479b72c9e83c77fc2b19250288750
SHA1

18a21846e04ae693791dc9659d82c48538723b28
SHA256

5adf360188e9edd221595e12739b8b2ced8f2ae63662ebc0736270fef3bc4728
SHA512

e6569e7adada8238879c587d90adb47a00f3ff69bb8e3e64d75dd951430549ae169dde352d46296551283c1056846b450062b6ac15d37fab90f3f4fcd944823f
SSDEEP

1536:vMcQYte55zs091Zw9FAGDdJYipvwGf9ogjrg15:vMhAe5Zs091KI+JYixw49XjrQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.61f479b72c9e83c77fc2b19250288750_JC.exe

Files

NEAS.61f479b72c9e83c77fc2b19250288750_JC.exe
.exe windows:5 windows x86

b892955ae494fe908bdf52e81e1dfa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 35KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IOSDWD
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE