NEAS[.]6a1d863374427913a09fbc3bb565a1d0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6a1d863374427913a09fbc3bb565a1d0.exe
Size

638KB
MD5

6a1d863374427913a09fbc3bb565a1d0
SHA1

d042296a6b8db764ebed983989cb64800a87e8d4
SHA256

f8167157310c705b5555b9dc69c1bbcc55845dee80bbbbc4097818e932ec0e1b
SHA512

637b2e054d1e716cc1cb18ac2d99b42645097b382861ff4e462da903361e6ff5f4b27c9e2def7a292a84e9bc34cef44fbe50713a1aae234bc72ce55b97d52972
SSDEEP

12288:0EQoSCbvz2UShbg5NPo2KfWDnptV2lW07XkC/OoPDg1Q4/TvUWGN1:0CvCZSNwCpj2lZ7X9TDg13y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6a1d863374427913a09fbc3bb565a1d0.exe

Files

NEAS.6a1d863374427913a09fbc3bb565a1d0.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ