NEAS[.]523dcfaa030375e5b61a1a38a621bc70[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.523dcfaa030375e5b61a1a38a621bc70.exe
Size

143KB
MD5

523dcfaa030375e5b61a1a38a621bc70
SHA1

746841d87b0f92ddef5c9107452b9c7219a98d72
SHA256

ca62f2bb9bf167b505d6352b83b787ea4aa79104128ae714a19398b53e0ac24d
SHA512

b4a9a657b01e0e08286037124ba363da30cc3785d5434865ae6c84c02ad9342dfbdf8777d1ebebc064c7264e06da7293b1349c00df5bcf44e721c5bfc6444b1f
SSDEEP

1536:UKbXoDscbXeQcbcvA3NmROEfxQcC63+8K77JnP3hwQlccywVQK:UKsZVcbDslQN6uBvHVVp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.523dcfaa030375e5b61a1a38a621bc70.exe

Files

NEAS.523dcfaa030375e5b61a1a38a621bc70.exe
.exe windows:4 windows x86

5f7ee2c6edf76e787cd4589d04416b4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
RtlMoveMemory
GetSystemDirectoryW
SetStdHandle
DeleteFileA
GetTempPathA
GetThreadLocale
GetModuleHandleA
GetStringTypeW
InterlockedDecrement
GetProcAddress
VirtualQuery
WaitForMultipleObjects
lstrlenA
LCMapStringW
SetFileAttributesW
CopyFileA
GetCurrentThread
FileTimeToDosDateTime
VirtualProtect
LoadResource
InterlockedExchange
SetThreadLocale
SizeofResource
RtlUnwind
GetExitCodeProcess

msvcrt

_controlfp
_XcptFilter
__p__fmode
__set_app_type
__p__commode
_adjust_fdiv
__p___initenv
__getmainargs
_initterm
_except_handler3
_exit

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE