NEAS[.]a4cb38886b8c5024daa0afa9484c7d50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a4cb38886b8c5024daa0afa9484c7d50.exe
Size

108KB
MD5

a4cb38886b8c5024daa0afa9484c7d50
SHA1

318a4f5b2221351bd857fa672ad07cfab785471b
SHA256

cd8a911b4cd0e0ce884db3cf3886d062b5d8001099ab3a05d62c06625cfdda65
SHA512

27e4f3df599e89ad5a2d5fff2e14b65e27cd6d29478340dd052ab8f0a2bd2566ab1381857517012f8624ae5293390ea48abf1ad2d228e438ee23dfd81890df58
SSDEEP

384:qz5JS3LWnNY2mlvBoZ8l1XkJyygMd1ljJUjn3eZCXjo9lPqi11:C5eSQlNyyfE1ljJUjn3Zjo9lCi11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a4cb38886b8c5024daa0afa9484c7d50.exe

Files

NEAS.a4cb38886b8c5024daa0afa9484c7d50.exe
.dll windows:4 windows x86

0ae0ea0898bb63c51c37ccb61ff6c508

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStringsW
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetCommandLineA
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

??0CGinseng@@QAE@XZ
??4CGinseng@@QAEAAV0@ABV0@@Z
?DecodePWD@@YAHPADH0PAH0H@Z
?EncodePWD@@YAHPBDHPADPAH0H@Z
?fnGinseng@@YAHXZ
?nGinseng@@3HA

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ