NEAS[.]711f60a2438d52e09d69be1d871d9990_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.711f60a2438d52e09d69be1d871d9990_JC.exe
Size

78KB
MD5

711f60a2438d52e09d69be1d871d9990
SHA1

cd893c4efd4b32d2cdd6a1a1d4b694930fe0d319
SHA256

676f39a3c97cd33d15dfe0466ce7904542fd1b6cc9a822a11135a919f8fd673c
SHA512

5e3b857d61d7f2c0cb5d9a66c7cfb17a80f84134aa506f9a58e6c44b85c991e873170edcb74b919d659ef3eea029c56650f2ba1aeff8773100948f49ff7454c3
SSDEEP

1536:vJKS8xdq0yGQ4QBQRstUOLAE2GCTLXb4yzwC132n6RbK1A:RJ8x0VyRstbLAyCTLXb4yzjRbaA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.711f60a2438d52e09d69be1d871d9990_JC.exe

Files

NEAS.711f60a2438d52e09d69be1d871d9990_JC.exe
.exe windows:4 windows x86

231425377893abb7b2ff9764e70528f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

mpr

WNetOpenEnumA

version

VerQueryValueA

wsock32

WSACleanup

winmm

waveOutSetVolume

Sections

CODE
Size: 35KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: 54B - Virtual size: 54B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE