Static task: static1
Behavioral task: behavioral1
Sample: NEAS.c80bc5376b10b5d44dbbb589ca9be260_JC.exe
Resource: win7-20231020-en
General
Target: NEAS.c80bc5376b10b5d44dbbb589ca9be260_JC.exe
Size: 333KB
MD5: c80bc5376b10b5d44dbbb589ca9be260
SHA1: 3d1ee0357d519a4982deb1a9bf6b4a2b641c332f
SHA256: a6f3d27ba9ff8f428d37a9076d10d56d7aec63543fb9ef78aad702fd0b5730d4
SHA512: d54b4e9e37795b54dfba803b1d1528e081788b4f0f0c11a78bfcd6a629afaa7b8422f6acbf99e588aa685a6e668970a57fb144d593fd0416deb8bc1706453e42
SSDEEP: 6144:asgDYs7ivUxR3JyVVVhmb9ObGT4F53eRFM/O17x0M7unOuO5LvxkL:asgESlJyrTI9O8aYR717x0M7/6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.c80bc5376b10b5d44dbbb589ca9be260_JC.exe
Files
NEAS.c80bc5376b10b5d44dbbb589ca9be260_JC.exe.exe windows:5 windows x86
a47ce5d99cbb64369bb7347a4fefab1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
GetDC
advapi32
RegCloseKey
shell32
ShellExecuteA
ws2_32
gethostbyaddr
iphlpapi
GetAdaptersInfo
wtsapi32
WTSRegisterSessionNotification
oleacc
LresultFromObject
gdi32
SaveDC
winspool.drv
OpenPrinterW
oleaut32
VariantClear
Sections
.MPRESS1 Size: 280KB - Virtual size: 568KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE