NEAS[.]12857212248719b9dc8451e367d37c20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.12857212248719b9dc8451e367d37c20.exe
Size

108KB
MD5

12857212248719b9dc8451e367d37c20
SHA1

9da60aacec862068a9a198f2c7a1a0fea696973d
SHA256

8705248436c3013829bf2fe3273f004607042bc518819affe301c61d1e2860e0
SHA512

db3edbe6a728c05dd08086fab791222d69a3f9ba28434a0dd1900502a8530cdc05c67e9874619097ce216ff48daa2894d1e393251ef5eda408bd9240830a8598
SSDEEP

384:e9zyD8MpMCi/8Zj4y5xsjmhaBs8DT0ml1j+tYoSfudTXrQ4P+Wada+pyDs4:eRgprcK2jm0+8DktYrGBXrQrWEdpyQ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.12857212248719b9dc8451e367d37c20.exe

Files

NEAS.12857212248719b9dc8451e367d37c20.exe
.exe windows:4 windows x86

5f364992d6887ac863b382e1956031f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

LoadLibraryA
lstrcpyA
_lclose
_lwrite
_lcreat
Sleep
_lread
_lopen
GetModuleFileNameA
CreateThread
WinExec
GetLastError
GetTickCount
CreateMutexA
CopyFileA
GetWindowsDirectoryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
LCMapStringW
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

ws2_32

accept
recv
send
htons
socket
connect
listen
gethostname
inet_ntoa
inet_addr
gethostbyname
WSAStartup
bind
closesocket

advapi32

AbortSystemShutdownA
RegOpenKeyA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE