NEAS[.]e8ff32ba7f486d20c7f03f3c791eaad0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e8ff32ba7f486d20c7f03f3c791eaad0.exe
Size

120KB
MD5

e8ff32ba7f486d20c7f03f3c791eaad0
SHA1

a9720746e13f9e1bf48be95e3118a1ec45f1093e
SHA256

1cbd0386c2fe9f2750fbf7ae8fca2fcf3361c8a65405784c8e9d847ef1c1b885
SHA512

f319a93587fcfe90b000f58139fd33cfe0a216e0ece616b0ae061bf2ff2a896e8741d8fb909d1aa6b8a63d76b956f84a8aa6020402f3bc75b8d778f339413325
SSDEEP

3072:DjzhZWxivgmhbI/pqqsFUCN3R961I+WpgvyDFe:DXC4vgmhbIxs3NBjpuyDM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e8ff32ba7f486d20c7f03f3c791eaad0.exe

Files

NEAS.e8ff32ba7f486d20c7f03f3c791eaad0.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.btnj
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.s
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE