NEAS[.]03734a4b62bd7f94d6c62faccb8b00f0[.]exe | Triage

Sharing

General

Target

NEAS.03734a4b62bd7f94d6c62faccb8b00f0.exe
Size

242KB
MD5

03734a4b62bd7f94d6c62faccb8b00f0
SHA1

d15cfc457af46eab3b8b432dbd8578b65fa9f48e
SHA256

e1493dc0952f5723867b6b92b43678423448f4c33f6ff031c1de0713b646cbe7
SHA512

595d810b5fbe94130b1fe2da0c520e5c72c2d051a1ea0e3907feeba62849e7809ac0d9bc0833b67c7088eba2d8cab9fb33e1396c91442ad6e154664d89f126fa
SSDEEP

6144:tgOJqllNWdMdroW3dLp3NI0d30PMhXAgW:tgOJqlmMZFL1dAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.03734a4b62bd7f94d6c62faccb8b00f0.exe

Files

NEAS.03734a4b62bd7f94d6c62faccb8b00f0.exe
.dll windows:4 windows x86

b39f83899975eeb5b2db14b289d7529c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord70
ord8
ord171
ord125
ord17
ord211
ord145
ord74

kernel32

RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindClose
FindFirstFileW
GetComputerNameA
GetVersionExW
WaitForSingleObject
GetComputerNameW

comdlg32

GetOpenFileNameW
GetOpenFileNameA

advapi32

GetUserNameW
GetUserNameA

shell32

SHFileOperationA
ShellExecuteExA
ShellExecuteExW
SHFileOperationW

Exports

Exports

DeleteExtractionPath
DeleteLZMAFiles
ExpandExtractionPath
ExtractLZMAFiles
FindEXE

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ