NEAS[.]NEAS170a20b22618e5f20d9924bb554af9eeexe_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.NEAS170a20b22618e5f20d9924bb554af9eeexe_JC.exe
Size

363KB
MD5

170a20b22618e5f20d9924bb554af9ee
SHA1

a970a37270ef2b0735fe862a2fd40b9883546506
SHA256

032046f647bfe7c1b08f461505f5b80e8804d34d854a85a3696d8ed0a9939a8f
SHA512

f30ce3a93339e2b876887e3cb10ba60ea57e4efe039ebfef0d453fef8bf2bf23a01b7b82e69785307479fd24cc27e06892cc66546a82a40187a0e32fb86deafb
SSDEEP

6144:VjluQoSiIo5RUP5rvZsiVJbssqmgERtlq5mFLC511IZ8R3B7bhR0Xxmw6Kv:VEQoSmgAiVJ5lqL1iuRR7lCXh1v

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.NEAS170a20b22618e5f20d9924bb554af9eeexe_JC.exe

Files

NEAS.NEAS170a20b22618e5f20d9924bb554af9eeexe_JC.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fpugn
Size: 512B - Virtual size: 4KB