NEAS[.]d829758ea617cbde1b1d644e7f6d74f0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d829758ea617cbde1b1d644e7f6d74f0.exe
Size

2.2MB
MD5

d829758ea617cbde1b1d644e7f6d74f0
SHA1

efc2c73b98c327ac142b93b92cfb43c6b2ba9127
SHA256

e513056d3677a213333b19b83be01f9952d03a0d85fd8d8f7857f8608a4aca54
SHA512

d1483c6aa602f508a6ebe5de833cda5bedba3e6b8c5122aa12594442557d6db7ae5a9e034b4d7cff04f07ea696aceb1aca5852d24b7672c6c306cf290197cc7c
SSDEEP

49152:IbUhg1iwZhyWGVa/6necP6qkjU9+UFeEi9s61S:IQhg1i8GVa/RlPW+6f61S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d829758ea617cbde1b1d644e7f6d74f0.exe

Files

NEAS.d829758ea617cbde1b1d644e7f6d74f0.exe
.dll windows:4 windows x86

99933c440a1850bbdd541b70093e5cf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UpdateColors

ole32

CoTaskMemFree

comctl32

InitializeFlatSB

winspool.drv

OpenPrinterA

shell32

ShellExecuteExA

comdlg32

PrintDlgA

winmm

sndPlaySoundA

Exports

Exports

CloseFrm
FHDLLID
showform

Sections

CODE
Size: 1.8MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 333KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE