NEAS[.]a605ea3bfb07873ebc3111cc9613b790[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a605ea3bfb07873ebc3111cc9613b790.exe
Size

252KB
MD5

a605ea3bfb07873ebc3111cc9613b790
SHA1

5f24bee26b3d4e9b0cce21c4b3068e27d06113ea
SHA256

92dc9a86db6800885bcb66875a03d29b72954f14c3c5ee6286435cbee8df0d10
SHA512

5dad2e346b7f8608364c16cc14d9d41a9d13e25dc835d95fed2278f8c072ea903acbe10351408b4dd85b1bbbdaf70cf7477795510245d0632cdb6f23dfaf890c
SSDEEP

6144:eZdH9b5/Keg7tkqxrqLckP+xn0YOBI+AG0TG00tkQtkWC8eYhuhuK:eTdcB7DrVkP+xnXOBI+AM00nu8Fu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a605ea3bfb07873ebc3111cc9613b790.exe

Files

NEAS.a605ea3bfb07873ebc3111cc9613b790.exe
.exe windows:4 windows x86

53d8de0cda4ac5dc74a328a12ffe8108

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

SetROP2

shell32

ExtractIconExA

Sections

.MPRESS1
Size: 60KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE