NEAS[.]a4338941ab9bea24274f98a5c9513cc0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a4338941ab9bea24274f98a5c9513cc0.exe
Size

923KB
MD5

a4338941ab9bea24274f98a5c9513cc0
SHA1

08691f187a6809cf5c71eadba0a582f065a1bb10
SHA256

a4e6d4153d4be988f66d142dae665a8ae91804010b8d5b75b9a46f3beef0ff6a
SHA512

fa59cf3ce73786cb849a08dd75d5271300880685f6149053d31a79712fe16df568b008493248e564a5b354230c11900ce00f07472e179d7668b708fdf0d641a3
SSDEEP

24576:nfzb4mQJMHQGSIszoiCxY5AdfVluroPqyX4GlhX19bF/uBddK:fLVHQGSrMiCxY5AVVsrAqyX4ebpuBr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a4338941ab9bea24274f98a5c9513cc0.exe

Files

NEAS.a4338941ab9bea24274f98a5c9513cc0.exe
.dll windows:5 windows x86

8a050fdcf8a6aa995f44dcdc1218b881

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord70
ord171
ord125
ord8
ord17
ord211
ord145
ord74

kernel32

GetComputerNameW
GetComputerNameA
FindFirstFileW
RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
GetVersionExW
WaitForSingleObject
FindClose

comdlg32

GetOpenFileNameA
GetOpenFileNameW

advapi32

GetUserNameA
GetUserNameW

shell32

SHFileOperationA
ShellExecuteExA
ShellExecuteExW
SHFileOperationW

Exports

Exports

DeleteExtractionPath
DeleteLZMAFiles
ExpandExtractionPath
ExtractLZMAFiles
FindEXE

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ