NEAS[.]ebf6357200f3d33b0a1e6b6e00047740[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ebf6357200f3d33b0a1e6b6e00047740.exe
Size

5.3MB
MD5

ebf6357200f3d33b0a1e6b6e00047740
SHA1

bfd97f7ee396edb603fa39b8baef13a75ff3d9a7
SHA256

7a2557aa72e1fd97199234ba698bb997c73ab08c904698ee7e027db59c5a5297
SHA512

6be7b733d4e71c0efa3afe1ea7041de9db2dcc9b07a0216a66053309db4b62c345ef31b6fdde276b6b856586166a795527e8c43a28035ca6b04c7d75d1a8d5a9
SSDEEP

49152:MxTSLkPa7syGHslXHdFwuatg1qzxfS8TG+g+h6dvrBV1gerPxHxmbuio8g3Qy0HN:sTuEa7s3MlXjn1upkgSXck1k1kykak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ebf6357200f3d33b0a1e6b6e00047740.exe

Files

NEAS.ebf6357200f3d33b0a1e6b6e00047740.exe
.exe windows:5 windows x86

96778352d99ca84b52328b0725ee1935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow

advapi32

GetUserNameA

shell32

SHFileOperationA

shlwapi

PathMatchSpecW

psapi

GetModuleFileNameExA

wininet

DeleteUrlCacheEntry

gdiplus

GdipGetImageEncodersSize

Sections

.MPRESS1
Size: 1.1MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE