NEAS[.]c5a5c0174d722da455f9da0d95484210[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c5a5c0174d722da455f9da0d95484210.exe
Size

28KB
MD5

c5a5c0174d722da455f9da0d95484210
SHA1

34e8c7c747e79435b07162b71a3ea0ec821f56d3
SHA256

459cea07bfbdd26621ab3b9b188b634c7e6d5657a11554613930a78a34322697
SHA512

e620505f5d19df5b64704d6517e00bd6be96647eabb18624b98ae20ffa763b19890a62e8c3c361864ca506233e6266e90f8b9e1d53544870cd8f1c28bdba4cfb
SSDEEP

192:MQBYwxkEfN5KyFlHMdNQxdhtQ78RNTyx0X:MQBpkwbKywIQ78Tc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c5a5c0174d722da455f9da0d95484210.exe

Files

NEAS.c5a5c0174d722da455f9da0d95484210.exe
.dll windows:4 windows x86

8eb56a804cb0b89b58a362a95feca982

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nnotesws

ReadFontPreferences

nnotes

ord133
ord130
ord138
ord437
ord132
ord208
ord207
ord213
ord131
ord236
ord134
ord139
ord140
ord203
ord1116
ord505
ord1117
ord1063
ord212
ord135
ord178
ord707
ord182
ord393
ord143
ord194
ord183

kernel32

DisableThreadLibraryCalls

user32

GetDC
ReleaseDC

gdi32

SetMapMode
DPtoLP
GetDeviceCaps

Exports

Exports

ImportPICToCD

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ