NEAS[.]3cd446ba517825a479fd0282ebaaa560[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3cd446ba517825a479fd0282ebaaa560.exe
Size

355KB
MD5

3cd446ba517825a479fd0282ebaaa560
SHA1

babb695a0edcc93488aa1030eadf3cdefaf2f84b
SHA256

b0cefab909675d965ee3227d0885249ec0972c6ee670d6870c7fc31290ec4045
SHA512

7e9d07c34ae213e2ba51fb676a289d9cbb04ffbd130b304a2171fc84650bd61b84d30ff630b37acc740f4346816ff3bbca295d351b3dd9b81cbf98381a3ac0cd
SSDEEP

6144:DukPsIgM9xFf4skwk9Alx+y/clR12YdxfsLPrPwo:68gWAs89ATo12YTfm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3cd446ba517825a479fd0282ebaaa560.exe

Files

NEAS.3cd446ba517825a479fd0282ebaaa560.exe
.exe windows:4 windows x86

58c701cf9e0ec381fb056d5f5b5c2a16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect

oleaut32

SysAllocStringByteLen

Sections

UPX0
Size: - Virtual size: 604KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-c
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1xaaq
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE