NEAS[.]6115bb7b4a60c0370f860776724733e0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6115bb7b4a60c0370f860776724733e0.exe
Size

2.2MB
MD5

6115bb7b4a60c0370f860776724733e0
SHA1

45ba27b5d2829dc66a9b538073281ef538090af3
SHA256

069753190edf89de8975be4d57a08c8b408e8344c312166b59857a333434daea
SHA512

bae5de973a52de8a1063cb5f63233bb7dcf983e8be83375a6f9b0847671371744ad623ec663f1a951ac1044f9fa13296aa4d5fc70aa2bab803b6c376ba0ea35e
SSDEEP

49152:1c1/J5y1OunkmCsOH4/Cz91AEFUFJbZleg1J:O1/Py1OWrCL4/C0ECLig1J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6115bb7b4a60c0370f860776724733e0.exe

Files

NEAS.6115bb7b4a60c0370f860776724733e0.exe
.dll windows:4 windows x86

99933c440a1850bbdd541b70093e5cf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UpdateColors

ole32

CoTaskMemFree

comctl32

InitializeFlatSB

winspool.drv

OpenPrinterA

shell32

ShellExecuteExA

comdlg32

PrintDlgA

winmm

sndPlaySoundA

Exports

Exports

CloseFrm
FHDLLID
showform

Sections

CODE
Size: 1.8MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 333KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE