NEAS[.]d8732cf4499d8855c6b7d4f48a1ed900[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d8732cf4499d8855c6b7d4f48a1ed900.exe
Size

292KB
MD5

d8732cf4499d8855c6b7d4f48a1ed900
SHA1

e47cbd79d44436f72d07c9d7d3d9826662da0e43
SHA256

74eaca40fb845fd4caa62a77ff34b20d1352f6e88163e8d1bf1f548c7bcb13ee
SHA512

0ec8a47741b0e8409e74bfe3346381c7d05d9996ddd7ef84083b701d7e3690ff36d43d8d8cc245e535fdf2d380a8383047e47bc556733f9541586d921ac00502
SSDEEP

6144:uuq1yy/pjnkeatS+TC1+J51YUUX/f2R7D4C:y1yc9ktbTC8y2R/4C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d8732cf4499d8855c6b7d4f48a1ed900.exe

Files

NEAS.d8732cf4499d8855c6b7d4f48a1ed900.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 53KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE