NEAS[.]461496f846606f33b5eab42f7c1da910[.]exe | Triage

Sharing

General

Target

NEAS.461496f846606f33b5eab42f7c1da910.exe
Size

1.2MB
MD5

461496f846606f33b5eab42f7c1da910
SHA1

5ffa084a467bad6ce0b2fde016d0afba9acf0cf6
SHA256

2876ae25cb1ddd78b910587810b7d2666e33137e59691474590267b205f1b644
SHA512

4063468597bc1d0f7128dce78ed4f441b045f8fbd6f8eac623d5b424576840b771ac11abbefe0e914bc7fb3898c4048b5e3b0627e7d34d3c78c912b4b59719b4
SSDEEP

24576:aAsePiCwmtScZoEjfgTTx2tOpbuZKn1TvqDbD3DKLUbROvcprhmaQx7y4jm4W:1sxfmtScF4TYtOpbrn1TvqDWshmaU7lW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.461496f846606f33b5eab42f7c1da910.exe

Files

NEAS.461496f846606f33b5eab42f7c1da910.exe
.exe windows:4 windows x86

3db87e420a8b4812c071e114a9a4250c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

midiStreamOut

ws2_32

recvfrom

rasapi32

RasHangUpA

rpcrt4

UuidToStringA

user32

DestroyAcceleratorTable

gdi32

ExtSelectClipRgn

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

Shell_NotifyIconA

ole32

CoGetClassObject

oleaut32

VariantChangeType

comctl32

ImageList_GetIcon

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: 1.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE