NEAS[.]2a8f3689995563702cf711b9a32d5c10[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2a8f3689995563702cf711b9a32d5c10.exe
Size

53KB
MD5

2a8f3689995563702cf711b9a32d5c10
SHA1

8e5ace98e63df04ff0bfe77391abef9f198e74a8
SHA256

6ea1bf604b55b1876d1e84c24b811c3740a5d1b4f90107c9376c21894760bb4a
SHA512

0625c0f0be8f0e7f0f8a02d108cd551d030901477859de5274f429fa61d7e070d230b65384d6a023385b75c37f4b1c95ac4d8dce7f993dc64da936eae94b695d
SSDEEP

768:szM/e9xPnxrdAakEfzQsEkejRLXmIdgsS:3/Q5xmGXEkejRLXmIde

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2a8f3689995563702cf711b9a32d5c10.exe

Files

NEAS.2a8f3689995563702cf711b9a32d5c10.exe
.exe windows:4 windows x86

411c26819234a12cc52aaaf849f1d844

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc
CloseHandle
CreateFileW
DeleteFileW
GetFileSize
GetModuleFileNameW
GetTempPathW
GetCurrentDirectoryW
ReadFile
WriteFile
lstrlenW
lstrcmpW
SleepEx

wininet

InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile

shell32

ShellExecuteW

ntdll

RtlDecompressBuffer
swprintf

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 903B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ