NEAS[.]ded63a2bed8222d634725443b23c2980[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ded63a2bed8222d634725443b23c2980.exe
Size

6KB
MD5

ded63a2bed8222d634725443b23c2980
SHA1

2cc792ab65ece96bac0283a099e0ee18bf45cdf3
SHA256

e5d63c3244ccb2c1383c8985ae1c7d2fa24a4e1db44b242408111d23a1e27b2d
SHA512

718e32e4b94cbf7e7a020e8c5e779dfdf830d29f79409c998e5c284449e595b8aafcc3e1a33cbb09f09e10623b21c788ab4ea19be2892b66b0c1162cecdf1016
SSDEEP

96:hy859x0P8MaUMsB/CET6oDacoM92r5f2Lj/W1PSHLOiTT:F5oL9MsBJOmFL2ruj/W52OK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ded63a2bed8222d634725443b23c2980.exe

Files

NEAS.ded63a2bed8222d634725443b23c2980.exe
.dll windows:5 windows x86

c4c9ecfc26ca516a80b8f6f5b2bdb7e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetProcAddress
CreateFileA

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

rundll32

Sections

.text
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ