NEAS[.]60d1c44a86f8b6d8b59ca380556c9340[.]exe | Triage

Sharing

General

Target

NEAS.60d1c44a86f8b6d8b59ca380556c9340.exe
Size

291KB
MD5

60d1c44a86f8b6d8b59ca380556c9340
SHA1

aa55e9b3038377eb4ec6cac5ffa8bb1332922989
SHA256

d89db36777307b0ccee1e2a45bfaccc443ac73a7857abc180214f6c8a1ca0190
SHA512

af9f34e6620a70deb49c88f14c4637ee87a78bc7960f1c55074189c9db041b2030694754743ece2dfd35da6fe9cc1369e40efa8e71a1f1add7baba3b35b1a78b
SSDEEP

6144:zCKw0+tZvozAx9/dpwwyQHhjqZDq8NjPCjEGpAJiJ/L4IR:2JH0Ze8NzIWez4IR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.60d1c44a86f8b6d8b59ca380556c9340.exe

Files

NEAS.60d1c44a86f8b6d8b59ca380556c9340.exe
.exe windows:5 windows x86

0f8f365fd263ee2eb3ef080790a84df4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteW

ws2_32

WSAStartup

iphlpapi

GetAdaptersInfo

Sections

KOHGGFTR
Size: - Virtual size: 400KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KOHGGFTR
Size: 288KB - Virtual size: 292KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE