NEAS[.]913dab1ce2785c0fdf6ffe4ee7771a80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.913dab1ce2785c0fdf6ffe4ee7771a80.exe
Size

156KB
MD5

913dab1ce2785c0fdf6ffe4ee7771a80
SHA1

98faccdb536131290c0fbc8d5b44674f82aab86a
SHA256

e96b1090ab7470c1ede665dd4bae5afe72eecd5a57f3961ac22ab4afbae1d0f8
SHA512

28969d8036fc7aeab541d2997b586a9fa87ecfb4ffaddcc3fb27483da379f5980396a70b3bcf641789501750b7eac8c3561ba2638e1aa95df3a55c909369dd6f
SSDEEP

1536:vxmzZjV0MDOTy560+/8vnTHUgzF5nNFxNcAlOfixcjvBoTaQnZC01IKBHZy+:v7fb0vT/3FxNPlIixcrBoHMKn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.913dab1ce2785c0fdf6ffe4ee7771a80.exe

Files

NEAS.913dab1ce2785c0fdf6ffe4ee7771a80.exe
.exe windows:4 windows x86

e46e4505d186be757398fe0a45b3689c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

calloc
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
strcpy
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
memcmp
??2@YAPAXI@Z
memset
__CxxFrameHandler
memmove
_ftol
__setusermatherr
??3@YAXPAX@Z

kernel32

GetModuleHandleA
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
GetStartupInfoA

advapi32

LookupPrivilegeValueA

ws2_32

select
gethostname
recv

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ