NEAS[.]6ac05648ea367f84c663d8ad5bfd4920[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6ac05648ea367f84c663d8ad5bfd4920.exe
Size

92KB
MD5

6ac05648ea367f84c663d8ad5bfd4920
SHA1

73d8afc856776e41e37130552c9d5b462edbc26d
SHA256

90f7aa3313584707c494c4f8548c7795ca64fb394926a1a679778e42261c4df4
SHA512

3bd38bb03fce13ea3a6fbcf343f616995a95093935b7db166c754220d815697e6dc6a81b27cbd54d668813447fc1807724ca086cc4f3c8f1016495345ee66f49
SSDEEP

384:cbetIoQUDVPy47N4CJ3E4S6i+h+xPN3FdDs:cbJWq47DFS68xl3FdDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6ac05648ea367f84c663d8ad5bfd4920.exe

Files

NEAS.6ac05648ea367f84c663d8ad5bfd4920.exe
.exe windows:4 windows x86

75e40c165946a7fa05bb72f5d32e3a17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
IsBadReadPtr
WriteFile
ReadConsoleA
GetTickCount
GetModuleFileNameA
CloseHandle
HeapAlloc
GetFileSize
CreateFileA
GetEnvironmentVariableA
DeleteFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
GetModuleHandleA
GetProcessHeap
SetConsoleTextAttribute
SetConsoleTitleA
ReadFile
GetStdHandle

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

user32

wsprintfA
MessageBoxA
wvsprintfA

msvcrt

strchr
_ftol
modf
free
srand
rand
_getch
atoi
malloc
sprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE