NEAS[.]ebfe75a0d6de254838747c804b1f6360[.]exe | Triage

Sharing

General

Target

NEAS.ebfe75a0d6de254838747c804b1f6360.exe
Size

868KB
MD5

ebfe75a0d6de254838747c804b1f6360
SHA1

3bf5184f888d7498e8ca966f6852d90d6c55e25d
SHA256

6b1da109a589f7e05cf4f48b469a5f93e123d2c40f5b821ab1266047a3aa6466
SHA512

762f849f9d2298e21986a49dfd66ca1681ca1464b2668d456b519d67e211c3638c15537361ec959bfb633b713d9d201a50a46801d75f9fadf5f1f0aba7be2e32
SSDEEP

24576:NSLIqh6FQCW01GaF3KMVBs0AvLYHnZPTjUzlUbqU:Nfmc4MDs0ADmZPHabU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ebfe75a0d6de254838747c804b1f6360.exe

Files

NEAS.ebfe75a0d6de254838747c804b1f6360.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.lygia
Size: 512B - Virtual size: 4KB

.o
Size: 512B - Virtual size: 4KB