NEAS[.]5081ad6125016c23ae52bce16135cbd0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5081ad6125016c23ae52bce16135cbd0.exe
Size

798KB
MD5

5081ad6125016c23ae52bce16135cbd0
SHA1

c9cd1d3429fd7f36b539c1619b7842d8a0e297f7
SHA256

97472ad71cf9714e0123e7b0457e4fcfc41d71b92b07848853d7a7aa6529d2ba
SHA512

0c0a04e5fc4a599c5f94d630e7d03c53b162e12a91417c085df257cc549cfa815db2c74266ea55fdfcecbc6283cd99e47d735dd41345ea558ef6bec2f4a6ce74
SSDEEP

12288:e4SYUCBvwH9/C9fZsfsDIU877Hdf3KzDu8aeijtMIJzN0rI3iQXu:e4SYUCNwtC9fWsDcduuhjSQiQXu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5081ad6125016c23ae52bce16135cbd0.exe

Files

NEAS.5081ad6125016c23ae52bce16135cbd0.exe
.exe windows:4 windows x86

c086bc9de3d34586f34c04e4345dd520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrW

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.MPRESS1
Size: 329KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE