NEAS[.]02d5d50c3b7ebeca08b44d29bca22380_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.02d5d50c3b7ebeca08b44d29bca22380_JC.exe
Size

56KB
MD5

02d5d50c3b7ebeca08b44d29bca22380
SHA1

8a5a02b5f50889511da33cbb461d12f5d9462ee7
SHA256

7acc165427b5f41370f3b7b6ce87a1bf8a1ec17b043f5bd0c8292067edf8dc4e
SHA512

f29e90aa6534c2465f8f5b8486ccded5bb5a0a234716d23195add0e747dc4f89fd45cc2cbcc27560c25ffa48477448db40b5228e64bf89b1a4dc1578a74f5597
SSDEEP

768:Gg2g2g2g95xeRMdfBYDpQ9PcOxETJ+vSkfnAouwbV/ezGgY8k+kMu++hMXF1tvYX:QVWJvZA8bV/+cBQWgPlYDXbVU4aNw9Gi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.02d5d50c3b7ebeca08b44d29bca22380_JC.exe

Files

NEAS.02d5d50c3b7ebeca08b44d29bca22380_JC.exe
.exe windows:4 windows x86

f3f4f42734e019dd87ae048ed95fa3f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
ResumeThread
NlsResetProcessLocale
GetProcAddress
AssignProcessToJobObject
EnumCalendarInfoA
BaseUpdateAppcompatCache
ResumeThread
OpenFile
CreateMutexW
Sleep
GetLocaleInfoW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE