NEAS[.]481ebe1939d252060118668a847b65a0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.481ebe1939d252060118668a847b65a0.exe
Size

95KB
MD5

481ebe1939d252060118668a847b65a0
SHA1

cbc935d0516695d9c35e873866bcd9ab6e1d45e0
SHA256

965be9e1e51783e17e1d8cfb760cd62ffd35f246be0f844a31825cf94a4cf665
SHA512

905681a35abb221b79fed4ed0ded097e74e46fe03f9b1e4bc77b5871cce4b08cffc97989a911a09539df7c55d36b5a6591ef9a7441df8e07be27f45421b133ab
SSDEEP

384:cbetIoQUDVPy47N4CJAE4S6i+h6xPN3FdDs:cbJWq470FS6Axl3FdDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.481ebe1939d252060118668a847b65a0.exe

Files

NEAS.481ebe1939d252060118668a847b65a0.exe
.exe windows:4 windows x86

75e40c165946a7fa05bb72f5d32e3a17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
IsBadReadPtr
WriteFile
ReadConsoleA
GetTickCount
GetModuleFileNameA
CloseHandle
HeapAlloc
GetFileSize
CreateFileA
GetEnvironmentVariableA
DeleteFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
GetModuleHandleA
GetProcessHeap
SetConsoleTextAttribute
SetConsoleTitleA
ReadFile
GetStdHandle

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

user32

wsprintfA
MessageBoxA
wvsprintfA

msvcrt

strchr
_ftol
modf
free
srand
rand
_getch
atoi
malloc
sprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE