NEAS[.]1be30f849a62a0a150f2a547b92bbfb0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1be30f849a62a0a150f2a547b92bbfb0.exe
Size

1.5MB
MD5

1be30f849a62a0a150f2a547b92bbfb0
SHA1

99e73aa4793beea137275fc91e25613cf9dd43e0
SHA256

eb4e9cc008bb69dcac540375fe324fbbcf34dc367f7e1838703f42d2219de982
SHA512

90b7e1b1c363ffc8496d2e72ddf2bc01e1e5a9406b24cf65e607feed22b69bff1611fd65d7b22c320cef413d1e37d9f0a5f26dd3bd7903a6990669d4f15d47f9
SSDEEP

49152:Nax9ssMPRDBqI2liA/aSik0XysuD8Dxqx7x:Ne6sMp9qIoiP9zFqx7x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1be30f849a62a0a150f2a547b92bbfb0.exe

Files

NEAS.1be30f849a62a0a150f2a547b92bbfb0.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.lygia
Size: 512B - Virtual size: 4KB

.o
Size: 512B - Virtual size: 4KB