NEAS[.]1ebbf33360e1238649599f96dc849a80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1ebbf33360e1238649599f96dc849a80.exe
Size

158KB
MD5

1ebbf33360e1238649599f96dc849a80
SHA1

6cc8615ea7b3fa684e44a9769e95f1b666598760
SHA256

e22a4a13502118830eb285a9281bce885bb4f66320f36d6b149d33c62def370b
SHA512

1528945033603937e3f7c6b7dd4fc4cc15db734030a08cde652f8539fb0d34c77630c705f79d59476fe0d768755892a9b6f23ef6626df687be3add881fdcc7d2
SSDEEP

1536:cnkgtoPkq92Bh9LiDQcgHW2IPYmBF75zXIiogy1I4GLPv8okIgZSav4S+Cb:cYsq9UDeDQcicFZXIio4zLsTICSav5Bb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1ebbf33360e1238649599f96dc849a80.exe

Files

NEAS.1ebbf33360e1238649599f96dc849a80.exe
.exe windows:4 windows x86

e13658eb9e9964be94ec2bfcb3d32d08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
SetConsoleCtrlHandler
GetProcessHeap
GetConsoleWindow

user32

IsServerSideWindow
GetWindow

d3d8

ValidateVertexShader
ValidatePixelShader

tapi32

phoneConfigDialogA
phoneSetHookSwitch

dinput

DllCanUnloadNow

advapi32

GetAce

Exports

Exports

BeginFblbywfjahn
Mscxkqcexm

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.brdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE