NEAS[.]58230887f3f35785fa9770f350a5e2b0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.58230887f3f35785fa9770f350a5e2b0.exe
Size

32KB
MD5

58230887f3f35785fa9770f350a5e2b0
SHA1

b38a7b324e74092f588dffe7567850296304aae5
SHA256

a9dabccc69db95796a169de5b1ceb4f0a61ad04aaa3ad60b1e04aaff214e5791
SHA512

a2706bf62c935240c94e47331667d8d4e77505a8ac597d638043ac3a434667285c4f6d27ecbb970a70d7567e04b8c62a2ff91df770f4b0c35a2a7ebd496be95c
SSDEEP

384:PDquX9VSl19JO5cAe+PsRVyBuXPNLQ1PMm372Vle1XGPqUp01q:7qqKO5cyUPe9Mmk42v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.58230887f3f35785fa9770f350a5e2b0.exe

Files

NEAS.58230887f3f35785fa9770f350a5e2b0.exe
.exe windows:4 windows x86

9c135566ea0dde884f1026584df790d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

printf
free
atoi
fgets
strncmp
strcmp
tolower
_pctype
__mb_cur_max
_isctype
time
memset
malloc
strchr
toupper
fclose
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strcat
fopen
fprintf
strcpy
strlen
atol
sprintf

kernel32

GetModuleHandleA
CreateThread
GetLastError
GetCommandLineA
GetCurrentDirectoryA
GetStartupInfoA

user32

PostMessageA
DefWindowProcA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA

wsock32

inet_addr
WSAStartup
htons
htonl
gethostbyname
ioctlsocket
closesocket
bind
WSAGetLastError
socket
sendto
recvfrom
select

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE