NEAS[.]31d48e54aa782a90d22f9036e8f7f640[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.31d48e54aa782a90d22f9036e8f7f640.exe
Size

84KB
MD5

31d48e54aa782a90d22f9036e8f7f640
SHA1

84088fa8d3545737a3f0fccfb4909dec6d7f4361
SHA256

c0ff0d93a71e4afa475f019c32103d3ade16b57d1b126ccf0bcacf5a44b04648
SHA512

4925abf5eb7e949d384bf28831c4b820d6a26e01c07820e7f1ca4461cd23416989e22cad9132b496f50d7b3b5e82115433241873bcef41326670a418434a6880
SSDEEP

768:oXw1h4HYvmULjiUb/UJu00FBJlbtc0sDCjQGcMxxhJDQq5fHte3isgTUwcFJ0bpm:sw1nf533Xc/Dgc+D7fHtePgzcOy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.31d48e54aa782a90d22f9036e8f7f640.exe

Files

NEAS.31d48e54aa782a90d22f9036e8f7f640.exe
.exe windows:4 windows x86

58d03667c62688f12f283d4e38624ab0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
gethostname
send
closesocket
recv
select
socket
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAStartup

msvcrt

realloc
free
_except_handler3
malloc
atol
strncpy
exit
rand
strncmp
calloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
_strnicmp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strrchr
??2@YAPAXI@Z
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
_stricmp
atoi
__getmainargs

kernel32

VirtualAlloc
FindClose
GetStartupInfoA
GetVersionExA
CreateThread
CreateEventA
GetModuleFileNameA
FindFirstFileA
ReadFile
GetFileSize
CreateFileA
SetFilePointer
WriteFile
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleA

advapi32

ChangeServiceConfig2A

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ