NEAS[.]f0fa33c753b3c59128d5270c256598b0[.]exe | Triage

Sharing

General

Target

NEAS.f0fa33c753b3c59128d5270c256598b0.exe
Size

5KB
MD5

f0fa33c753b3c59128d5270c256598b0
SHA1

108384bfc62e8d78fee903a9a7f762372faf01fd
SHA256

4248af13fe2eae1fb65e2d575791a565e552a73a226b581371dc61d24bba809a
SHA512

c81e96b234339f9f6a54b3b73524ec093f9ef2fb3bc569cc79c2ed0e27c9e3e8f33a91067e48df47ce711bbdc10d0df6b37a0c3f8ab0b573ce1de0628d4d04e5
SSDEEP

96:76tHvdXYwIGG0vDeCdO2TrBC2ia/a3or:4vdXn7G4qCdOx2ia/a3or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f0fa33c753b3c59128d5270c256598b0.exe

Files

NEAS.f0fa33c753b3c59128d5270c256598b0.exe
.exe windows:4 windows x64

a3cb1d6fba1dead2739cab73d8f2c277

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetSystemTime
Sleep
ExpandEnvironmentStringsA

msvcrt

memmove
printf
system
_vsnprintf
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit

urlmon

URLDownloadToFileA

snmpapi

SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilOidAppend
SnmpUtilVarBindCpy
SnmpUtilOidFree
SnmpUtilPrintAsnAny
SnmpUtilMemReAlloc
SnmpUtilOidToA
SnmpUtilOctetsNCmp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ