NEAS[.]992532d3a157239b5c13cb1c6d707860_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.992532d3a157239b5c13cb1c6d707860_JC.exe
Size

3.4MB
MD5

992532d3a157239b5c13cb1c6d707860
SHA1

d3eb1cfe7f89db2aa3418e5c5783c4d86fbf1224
SHA256

bf3de1ef7457e660e3689208ecd71e3a4572d24bbd331a9f5c80a11c22fb5ad3
SHA512

638c9ec778b3174cacbde307beed40920bcaea7ec4773fffc0ce2b00c88128d5c02e44f12b0f2f90956a609be74ce5752186fb92d05b3f302811f25b05fdf492
SSDEEP

98304:fH5zmKl2kXG01Ksmyacg4CYMp8D42Ec+9M:vFmKl2jyhQ7XC4w+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.992532d3a157239b5c13cb1c6d707860_JC.exe

Files

NEAS.992532d3a157239b5c13cb1c6d707860_JC.exe
.exe windows:4 windows x86

7482cada4e6b6caa80e405a4cd9f5593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

CryptAcquireContextA

version

GetFileVersionInfoA

wsock32

WSAAsyncGetHostByName

winspool.drv

ClosePrinter

comctl32

FlatSB_GetScrollInfo

comdlg32

GetOpenFileNameW

gdi32

AbortDoc

msimg32

AlphaBlend

shell32

SHGetFileInfoW

user32

ActivateKeyboardLayout

winmm

sndPlaySoundA

ole32

CLSIDFromProgID

oleaut32

CreateErrorInfo

gdiplus

GdiplusStartup

Sections

.text
Size: 3.4MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE