NEAS[.]766f6d2a47e0573828557cab445f8520[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.766f6d2a47e0573828557cab445f8520.exe
Size

29KB
MD5

766f6d2a47e0573828557cab445f8520
SHA1

25b40e882e67a2228a886b06badaff0330a7924d
SHA256

d3c485d12bd48c75fab6f4213cf16ff30c6bd029d4f206a808066af38e2be2e6
SHA512

3315276d3050d10ddeeb3fdfadc7b22cdbdba538c85cb698a8cc02e0fc2d1695efaca2e958dd940c6eadb0202e2d934c6a97fc6c52702f7f964b381760e58c89
SSDEEP

768:34i+a03sghkjhfYytyEczHy12Qr56n+RFAoHVE32tHq:LWgya1PWWK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.766f6d2a47e0573828557cab445f8520.exe

Files

NEAS.766f6d2a47e0573828557cab445f8520.exe
.dll windows:4 windows x86

929278932fedbda9edfcdac8b083cd1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfrts32

_mFg2star_init_dll
mFt_load_ldnames
_mFerr
_mFentry
_mFargt
_mFg2star_fast
_mF5216
_mF5213
_mFfindp
_mF5122
_mFgCE
_mFgAE

kernel32

TerminateProcess
LoadLibraryA
VirtualAlloc
HeapFree
HeapAlloc
WriteFile
DisableThreadLibraryCalls
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

Exports

Exports

SGSUB009
XSGSUB009

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CBLLD2
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ