NEAS[.]517817eb5eedaa18bdec769e7ce1fdf0[.]exe | Triage

Sharing

General

Target

NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe
Size

189KB
MD5

517817eb5eedaa18bdec769e7ce1fdf0
SHA1

53de132964d2753cbb2a0b5d9f60893319b203f2
SHA256

7f66ff3584b1ba8000dbd5d48a75b979ea5307ad01571709aa84dfc917651ec0
SHA512

96845de4ab8cb5ceae2f4b3fc006b7c3c3a433b4cbcf1beac5bd2bf23b5fdedb37cfb7398aba25044a05f68e2db99763b62ba0e0da7b0335f79f49182479e5f3
SSDEEP

3072:j/Aq24TVSzXHj+iImrB+KltKQo+PHWHvrEpzibBJieVGEKB3zIJ6Dps:jZ24TVSLDQsEKeQr2HvryzkUeVGJc0K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe

Files

NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe
.exe windows:4 windows x86

bd103223dafccdebb93a9e3dcd54005f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memmove
_CItanh
_CIsqrt
_CIlog
malloc
memcpy
free
fseek
ftell
fread
fclose
strcmp
strcpy
sprintf
strncpy
strlen
strstr
localtime
mktime
gmtime

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
HeapDestroy
ExitProcess
GetCurrentProcess
CreateThread
WideCharToMultiByte
HeapFree
HeapAlloc
Sleep
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetLocalTime
HeapReAlloc
ReadFile

user32

LoadIconA

gdi32

BitBlt

wsock32

WSAGetLastError
getpeername
closesocket
WSACleanup
WSAStartup
recv
send
htons
sendto

winmm

timeBeginPeriod
timeEndPeriod

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ