NEAS[.]60304722d1680338290106c8064092d0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.60304722d1680338290106c8064092d0.exe
Size

5KB
MD5

60304722d1680338290106c8064092d0
SHA1

3bfba602556bc50310cc81725439062032b02544
SHA256

a743a766f84a6637ce8ef5fb58f1026500a1a3bee93431c217203e19bcaa3e83
SHA512

e4d16c00f538d38a75fda1c80559c63b2ab53402a53f0fd787d460065319e493990ecb9f8cb0e727d5a199b849c6f91508215e9403f5ed6eb67db45c3d0d2f87
SSDEEP

96:jtHvdXbtGIx99i1bnOmnddoTr5g73uoor:VvdXgs99UbnOmZlor

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.60304722d1680338290106c8064092d0.exe

Files

NEAS.60304722d1680338290106c8064092d0.exe
.exe windows:4 windows x64

f244731d8133dd7f9cbc7fae5d7fab29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetSystemTime
Sleep
ExpandEnvironmentStringsA

msvcrt

memmove
printf
system
_vsnprintf
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit

urlmon

URLDownloadToFileA

snmpapi

SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilOidCpy
SnmpUtilOidAppend
SnmpUtilOidFree
SnmpUtilMemFree
SnmpUtilMemReAlloc
SnmpSvcGetUptime
SnmpUtilOidNCmp
SnmpUtilIdsToA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ