NEAS[.]cc9d94c16eac53c10983ef5281994620[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cc9d94c16eac53c10983ef5281994620.exe
Size

291KB
MD5

cc9d94c16eac53c10983ef5281994620
SHA1

02d7fe9247c4fbd22884c7bcd257567bc91689af
SHA256

2c37c4d7d25ee91b05a7cdb98ca9df39a35ed449f75c579a913c61be34dba311
SHA512

0cf4eb232d3d8f5d91fea0117e13a0f5d26a86c722d043d01902d619aa61d987dfb7ed3673733c5ae3c64aadac44c50882ab10d19700bc0bd899b23a8df847d7
SSDEEP

6144:zCKw0+tZvozAx9/dpwwyQHhjqZDq8NjPCjEGpAJiJ/L4IJ:2JH0Ze8NzIWez4IJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cc9d94c16eac53c10983ef5281994620.exe

Files

NEAS.cc9d94c16eac53c10983ef5281994620.exe
.exe windows:5 windows x86

0f8f365fd263ee2eb3ef080790a84df4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteW

ws2_32

WSAStartup

iphlpapi

GetAdaptersInfo

Sections

KOHGGFTR
Size: - Virtual size: 400KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KOHGGFTR
Size: 288KB - Virtual size: 292KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE