NEAS[.]72a8ffd80614026af5abf8c1d38e6ab0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.72a8ffd80614026af5abf8c1d38e6ab0.exe
Size

111KB
MD5

72a8ffd80614026af5abf8c1d38e6ab0
SHA1

1da92a3b6ce808cec6903ff00b41218db13e7fa0
SHA256

2ce6b7781bda4ac78fb0f05dc01804eefb58b098dbaced9178298d7c93719938
SHA512

95389f3ffdbc42b33926ef7dc433be7c5767377c4857c73cce661d056caebaf6b36eb7133251725947f06b33cb37c9082e91db1239690e905fead06703e666b7
SSDEEP

3072:bq28Xg7+cVhspyWVSbdE4LA3Qhh/97K2oczn9RejV:bT8QRjsdadv2Qhh/91oqn9ReJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.72a8ffd80614026af5abf8c1d38e6ab0.exe

Files

NEAS.72a8ffd80614026af5abf8c1d38e6ab0.exe
.exe windows:4 windows x86

01322059683a12737e9ade8134743a22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityInfo
GetServiceKeyNameA
GetTokenInformation
ImpersonateSelf
IsTokenRestricted
IsValidAcl

gdi32

GdiGetPageCount
GdiResetDCEMF
GdiStartDocEMF
GetDCOrgEx

shell32

FreeIconList
PathIsExe
RealDriveType
RestartDialog

wininet

FindNextUrlCacheContainerW
FtpGetFileA
FtpGetFileSize
FtpOpenFileA
FtpRemoveDirectoryW
FtpRenameFileW

Sections

.text
Size: 63KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE