NEAS[.]f905a4ce5f425fcc3e4bbdd53d151950[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f905a4ce5f425fcc3e4bbdd53d151950.exe
Size

10KB
MD5

f905a4ce5f425fcc3e4bbdd53d151950
SHA1

7c0eccde3f626b04efeca13933c6ee020c31ece6
SHA256

f7427e32038b17fc9a0e250c071ddcc883be7df3704c4dcc7b372198c4b6e386
SHA512

33458796a73f453e51d23ee41432229c002dd2bf0a4b2225f37d6165b6737009dc8aeba0f626e5feaf65f047ff88fbdfc06b17efb1ffa8b9783dc4c685c0f816
SSDEEP

96:Ch6CH3hdp5HXbR2yQCk9opvTy2wg5CUmkFl4DfKwDvMHK7Ku0sXVnl7Ax4R5I/6:ChWloM2U5DfKG7t1XVl7AU6/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f905a4ce5f425fcc3e4bbdd53d151950.exe

Files

NEAS.f905a4ce5f425fcc3e4bbdd53d151950.exe
.exe windows:5 windows x86

bb7ca8204cc07110e3c7af0980290e97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetReadFile
DeleteUrlCacheEntryW
InternetOpenW

kernel32

GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
LocalFree
ExitProcess
lstrlenA
GetTickCount
LoadLibraryW
Sleep
lstrlenW
IsDebuggerPresent
LocalAlloc

user32

wsprintfA
wsprintfW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ