NEAS[.]846c9ba3b9b1208fa51f19c443cd6c30_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.846c9ba3b9b1208fa51f19c443cd6c30_JC.exe
Size

14KB
MD5

846c9ba3b9b1208fa51f19c443cd6c30
SHA1

d70d6996849402832bdd21c7fcea1c3d6dac1939
SHA256

a83f589f3d8bfcfe39f67053ce0e24740f86eebfccf78b2134668b8f82483224
SHA512

6422199f43abac1d1b30a0521c051c985a085ec2dde852e647d41faca857b1d755ba301bb420c86a5a01ab94b599a87122d91f20464de05e4749134dcd7d19ed
SSDEEP

192:FmpqzIbfzCj4Wz6ixpEibQiad1AGEZr8k4TbboN74gV5aAUQ:FClbmkWzrEibQixOk4TbboN74Y5aQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.846c9ba3b9b1208fa51f19c443cd6c30_JC.exe

Files

NEAS.846c9ba3b9b1208fa51f19c443cd6c30_JC.exe
.dll regsvr32 windows:4 windows x86

5c1de943a8b81217d14da612c0c5b40a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetCommandLineA
FreeLibrary
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
GlobalFree
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
RtlMoveMemory

msvcrt

sprintf
strlen
_wcsicmp
wcslen

ole32

IsEqualGUID

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

code
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ