NEAS[.]a09fe9125d6b85bdf77fe0e6e83c68c0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a09fe9125d6b85bdf77fe0e6e83c68c0.exe
Size

1.6MB
MD5

a09fe9125d6b85bdf77fe0e6e83c68c0
SHA1

e13961db08a1caa9bd7c7a815e3a762ec41b52bd
SHA256

c54b741707c4bedc4197b54bdac14e471b9612e4dba2a0b6f22ddd6c38c15253
SHA512

2c69c5cb37441a1237ef8c93450a6eef2d5c7c54cf1742dcd77af1e1152c41677f63dd244da653e78963096006d99dfe04058421697e3650aa7a12f4a6da5ad6
SSDEEP

24576:YieA9BCtBP/mFqKqRZUjPOIS43K6YCHW5aGk/UFjJruEzZTpSAgsD/oiZ3Lk:xeA9BMBYqKqES6hHWAcKITMEq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a09fe9125d6b85bdf77fe0e6e83c68c0.exe

Files

NEAS.a09fe9125d6b85bdf77fe0e6e83c68c0.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB