NEAS[.]2ed37a9a00f209b3481c1f630ac10a60_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2ed37a9a00f209b3481c1f630ac10a60_JC.exe
Size

220KB
MD5

2ed37a9a00f209b3481c1f630ac10a60
SHA1

c0738c2f62e0bf9d48819bece08edf5ad5c069e5
SHA256

251710bb5eabbe660454ed32035b6fcefa9800ea0e709e4e982b2166e6841728
SHA512

ab94719bb3f891a08e82f80af3b3588a7c0530442bbcc21afd97cbd08342b48ebfba1a3e236210c34fb73076beeb495d8d22783397333289394ba2e9cff9706e
SSDEEP

3072:8bhRgTKNL8mK7rmudy6tKYkeCmFc5VrwpsirJSv90EEI1d:83gTGgrZy6t2ryomrJSv9/EI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2ed37a9a00f209b3481c1f630ac10a60_JC.exe

Files

NEAS.2ed37a9a00f209b3481c1f630ac10a60_JC.exe
.dll windows:4 windows x86

528e89a40e4b837083ffe28b78487ff4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetSystemMetrics

msvcr71

_mbctype
strncpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_vsnprintf
strtok
__security_error_handler
_except_handler3
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit
atoi
_purecall
strncmp
memchr
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

Exports

Exports

CanUnload2
RMACreateInstance

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ