NEAS[.]1ef335079cd94ed08a335b0ff0ed9eb0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1ef335079cd94ed08a335b0ff0ed9eb0_JC.exe
Size

375KB
MD5

1ef335079cd94ed08a335b0ff0ed9eb0
SHA1

1f88b2e0357dd6109b3eb0e16e1c804c91d3fa4e
SHA256

e2d67490cdad3d5ee5a730d6adc6217cbc02e68c6dff42f0d9e1f5b9f899f532
SHA512

d456e4ee996c93a83d2ddc312fc5fd44132e4192cb30c5a099de46452688dd3fa309e5aba292896e3c627885b7169c17f35d700329d0f74187666a008113a1f6
SSDEEP

6144:CjluQoSIIo5RKT5D9iMJPfs72EA4OLKpuqiavmCYxGK9vAGZSjFGIQ:CEQoSsO/lfNEA4W0KavmL0jFGIQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1ef335079cd94ed08a335b0ff0ed9eb0_JC.exe

Files

NEAS.1ef335079cd94ed08a335b0ff0ed9eb0_JC.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE