NEAS[.]a6059cf6fd836ed4be9aa4d909f7ea20_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a6059cf6fd836ed4be9aa4d909f7ea20_JC.exe
Size

119KB
MD5

a6059cf6fd836ed4be9aa4d909f7ea20
SHA1

f7a60027ecbf35b85ab3e03b4127e4fb84687af4
SHA256

0fbf3e5285194ad2c9c87636663630b9705498dda087c61bb9926425051ea12e
SHA512

733812e74f955f33b4895d11ed0820f85fd113b3c733008317ebace8206664753029491792fbec30f0a4bbafebc9b3af9fa9df43024bfc88c0d7ec9980a75ccb
SSDEEP

3072:BuOlrdvyGSSdfHvG2Usc8lm9crZCOtCCfAWwXIVCHHq9WGbE:3RvH5VvGugOMCfApRILbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a6059cf6fd836ed4be9aa4d909f7ea20_JC.exe

Files

NEAS.a6059cf6fd836ed4be9aa4d909f7ea20_JC.exe
.exe windows:4 windows x86

09643a0e510b1f99a16d5e2ebca31c08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaHighestNodeNumber
EnumSystemGeoID
GetComputerNameW
GetEnvironmentStringsW
DuplicateEncryptionInfoFileExt
GetHandleInformation
WriteFile
DecodeSystemPointer
GlobalFree
TermsrvGetPreSetValue

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE