NEAS[.]cde072297084f38ffe5e946e76a33390_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cde072297084f38ffe5e946e76a33390_JC.exe
Size

119KB
MD5

cde072297084f38ffe5e946e76a33390
SHA1

024c05c249df1b547b4af269fe4295bd7560c581
SHA256

d09f711b097b9dfce5258193fd8ffd677ee7f2575a9c80692e8437660af4436b
SHA512

61f18a09dc654ce7c87731bc71c1f5165d547dafc41452b027eb210dbff3fccf4e8a1174bd6b1921f6a1e14b9d35229eb4d74995df061d357b1c51f2d84d2fea
SSDEEP

3072:qu2SU3Q14CjQYaiTqoVRNW661xHX6ZIh2dmH:qTSat4qoVRi9hf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cde072297084f38ffe5e946e76a33390_JC.exe

Files

NEAS.cde072297084f38ffe5e946e76a33390_JC.exe
.exe windows:4 windows x86

8f85a939fdd0a0406c715d1efcfaea5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateHardLinkW
K32GetDeviceDriverFileNameW
RegDeleteKeyExA
PssDuplicateSnapshot
SetEvent
LockFileEx
SearchPathW
FoldStringW
WaitNamedPipeW
BuildCommDCBA
GetProfileStringA
TermsrvSetValueKey

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE