NEAS[.]1528e6b3493f83673861ec32668d8f80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1528e6b3493f83673861ec32668d8f80.exe
Size

54KB
MD5

1528e6b3493f83673861ec32668d8f80
SHA1

e353ea52a70dc4c36c92ca45130f496a6fa2e7ea
SHA256

abbdbaa001092a311840f20543589c9523f790951cea2a1af63cc5902ace179f
SHA512

d2475dc9de2b790ea8b0ba8fd7c015dcbebcf616262e9535ae4b218a4bb3ad4061828276b6cdd8a71594d69466b7b85f2e6e69ca316302f7f6312db06b42a36c
SSDEEP

768:Nv4MEc04ZzLh3VtAghWjg8qstaNC7WlH8VTrf7AshVN/OET:NwMEcVLh3QghuGCqV8V3zhbT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1528e6b3493f83673861ec32668d8f80.exe

Files

NEAS.1528e6b3493f83673861ec32668d8f80.exe
.exe windows:4 windows x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 19KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ