NEAS[.]f84d5c4fb6a469d74764428ec96fbe20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f84d5c4fb6a469d74764428ec96fbe20.exe
Size

478KB
MD5

f84d5c4fb6a469d74764428ec96fbe20
SHA1

5d52b3070a71892901be303ef8c5e9a91adf2635
SHA256

e65de6bf1384729825a712d251082141f636e2516591228b727e4ca2e59605ea
SHA512

1aef387f3887bc5bcfee5110dc0d24ddc4188ef7fd026e00554905614e28654ec0fb271fca7ad59809f9b85a299ce9b24216f3dac54e1ea34e8e8119b7d6cb8e
SSDEEP

6144:lJuXtXxog5E+FWPNfrf6yGEssQxNpbMEmQ:f8XNE+FuNfrSyGEssQJ4Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f84d5c4fb6a469d74764428ec96fbe20.exe

Files

NEAS.f84d5c4fb6a469d74764428ec96fbe20.exe
.exe windows:4 windows x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 170KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE