NEAS[.]1a876e62f7b26585dc3b7b0351773ac0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1a876e62f7b26585dc3b7b0351773ac0.exe
Size

40KB
MD5

1a876e62f7b26585dc3b7b0351773ac0
SHA1

a2821c4cd31259b160ca3499c32bfb86226130f0
SHA256

c7cb9bb68a8a5027075d37e64bfbc9d64f4c35e8f3e5a6fc431a1031fcc98467
SHA512

0798c4b9b3edf292927e4f11021b3862d303299bbe8676a4d92d17328363188a39c0c398749ead3e7d3e2adf4e1d51594c7ccf3e7d7654096f84d2ac35bd9ea4
SSDEEP

96:o4wt1/ZaO4Y0zDH7w8q/X0JnPtboynRvN5YK:M/ZaO4YUH08xP1oynRvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1a876e62f7b26585dc3b7b0351773ac0.exe

Files

NEAS.1a876e62f7b26585dc3b7b0351773ac0.exe
.exe windows:4 windows x86

b356162d7d986ba4f0c8fea5fdc1c2b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord924
ord858
ord860
ord941
ord2915
ord5572
ord5683
ord4129
ord537
ord800
ord540

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
strcat
strlen
__setusermatherr
_stricmp

kernel32

FormatMessageA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

GetPropA
IsIconic
ShowWindow
SetForegroundWindow
GetDesktopWindow
SendMessageA
IsWindow
GetWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE