NEAS[.]75764a58de7cdd369c240f7a5b22a140[.]exe | Triage

Sharing

General

Target

NEAS.75764a58de7cdd369c240f7a5b22a140.exe
Size

248KB
MD5

75764a58de7cdd369c240f7a5b22a140
SHA1

5056cc22a6c4a1f40af515e7eeb9ec30f1dc7040
SHA256

97f93cd3a602fbcca2ce7185e9c0b6afa22e9ef98db70a2efc7bb53f5988f817
SHA512

fad36bd7976bd721e16f6c0c17cb87513f085b47f0637aad1bed3a18b2389cfde780ba7b59fe7095c027b07127e61a148f1cc7c6b24535227e3d02db97d1308a
SSDEEP

3072:m2lsD/ExQKBL+UjcjR/6HAQ8S138WtA7Kzfk0saK:mj/ENR+Uwl6HlXA78fJsaK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.75764a58de7cdd369c240f7a5b22a140.exe

Files

NEAS.75764a58de7cdd369c240f7a5b22a140.exe
.exe windows:1 windows x86

120c163627f56634f6f1cf5ddfc80997

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
SetLastError
GetModuleHandleW
lstrcpyW
lstrcmpW
lstrcatW

crtdll

__GetMainArgs
exit
raise
signal

framedyn

?Compare@CHString@@QBEHPBG@Z

iphlpapi

GetAdaptersInfo

user32

GetCursorInfo

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE