NEAS[.]edc636e2f0a7f662fdefc0f08497c820[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.edc636e2f0a7f662fdefc0f08497c820.exe
Size

317KB
MD5

edc636e2f0a7f662fdefc0f08497c820
SHA1

78b2f0e899008ee88c561b4c35075865dd8b1ce0
SHA256

cc7219166b91f1f098ea7a04aa8897f2d6c245a59d4e43068828bad95643dfac
SHA512

38262e3cb5175bd2b4df460e05d85628794f142d86ca3f2f44674d0634a27d8f42faac33b6010249104be1691eb57ba5af48605eb91f84d88a2d3605e6c4d941
SSDEEP

6144:Xr5b1v1tm1gq6PBNELGsrIHXuAzW6dkrTwSE0oAR2/y4l9jxSi2ohp5rn4d1x:NJve1NuNEyBXja6dkrcnqyz9jp/rn+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.edc636e2f0a7f662fdefc0f08497c820.exe

Files

NEAS.edc636e2f0a7f662fdefc0f08497c820.exe
.exe windows:4 windows x86

cbfad0d83668b6bbe54453d4510ea62e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCP
GlobalFree
EnterCriticalSection
CloseHandle
GetPriorityClass
SetErrorMode
RaiseException
VirtualProtect
LockResource
GlobalAddAtomA
GetLastError
GetStdHandle
GetACP
SizeofResource
GlobalDeleteAtom
Sleep
GetTimeFormatA
HeapCreate
GlobalUnlock
MultiByteToWideChar
LoadLibraryExA

user32

IsIconic
GetCursorPos
GetActiveWindow
ValidateRect
GetForegroundWindow
GetClassInfoExA
GetParent
DrawEdge
GetFocus
GetWindowTextA
AnyPopup
GetMenuItemInfoA
ShowWindow
ReleaseDC
GetWindow
GetClassNameA
EndPaint
BeginPaint
DrawMenuBar

mprapi

MprAdminUserOpen
MprAdminUserClose
MprAdminUserRead
MprAdminUserWrite
MprAdminUserGetInfo

mapi32

MAPILogonEx

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ