NEAS[.]afdd0b3d62c6953da9d652139711e2a0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.afdd0b3d62c6953da9d652139711e2a0.exe
Size

80KB
MD5

afdd0b3d62c6953da9d652139711e2a0
SHA1

10dffd028fae9ed1e9b1a2693cefe1ac3b625bb6
SHA256

8bd2f3ff8225f5fab028badce80816e90584a9354331bd2bed5a2c1f34f0a306
SHA512

649751bde506df02e4774cafa7ce8eb0e86b2bc1851ac3b0b66905b299227ea90375540b0ff8116a967b5a46c21854f043dfe6ffcc5f71aaa43de47ee8910bc8
SSDEEP

384:cbetIoQUDVPy47N4CJDE4S6i+hdxPN3FdDs:cbJWq47nFS6Xxl3FdDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.afdd0b3d62c6953da9d652139711e2a0.exe

Files

NEAS.afdd0b3d62c6953da9d652139711e2a0.exe
.exe windows:4 windows x86

75e40c165946a7fa05bb72f5d32e3a17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
IsBadReadPtr
WriteFile
ReadConsoleA
GetTickCount
GetModuleFileNameA
CloseHandle
HeapAlloc
GetFileSize
CreateFileA
GetEnvironmentVariableA
DeleteFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
GetModuleHandleA
GetProcessHeap
SetConsoleTextAttribute
SetConsoleTitleA
ReadFile
GetStdHandle

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

user32

wsprintfA
MessageBoxA
wvsprintfA

msvcrt

strchr
_ftol
modf
free
srand
rand
_getch
atoi
malloc
sprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE