NEAS[.]279ffb7371bf062b68ddaddb7db99950_JC[.]exe

General

Target

NEAS.279ffb7371bf062b68ddaddb7db99950_JC.exe
Size

10KB
MD5

279ffb7371bf062b68ddaddb7db99950
SHA1

48c0c4f71d1ce0aa27a69ea47fd60618b3ec91d0
SHA256

615e3d879db10f413918e7ec9976228db6bcdd28b4a78cdc106d196c0b116558
SHA512

a67cd1ac37540cdb40c44904a537d14e0662f812fec3508f728a2f27cb21d3cd7f1d4ebfe21188c701afa1770480df720118969f4188b253e4b502e083508a56
SSDEEP

192:U+pwQFMtM8ezgRR5RcRkNJlJL1pJlJzyDPyy:HFva54yTFxGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.279ffb7371bf062b68ddaddb7db99950_JC.exe

Files

NEAS.279ffb7371bf062b68ddaddb7db99950_JC.exe
.dll windows:6 windows x64

97d55be7d8af692f44cc450c18eb610f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libapriconv-1

apr_iconv_ces_nbits8
apr_iconv_ces_reset_func
apr_iconv_ces_close_func
apr_iconv_ces_open_func
apr_iconv_mod_noevent
apr_iconv_ces_zero

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
IsProcessorFeaturePresent

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_configure_narrow_argv
_initterm
_initterm_e
_seh_filter_dll
_initialize_onexit_table
_initialize_narrow_environment

Exports

Exports

iconv_module

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97d55be7d8af692f44cc450c18eb610f

Headers

DLL Characteristics

File Characteristics

Imports

libapriconv-1

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 240B

.pdata Size: 512B - Virtual size: 396B

.reloc Size: 512B - Virtual size: 72B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 240B

.pdata
Size: 512B - Virtual size: 396B

.reloc
Size: 512B - Virtual size: 72B