NEAS[.]8d5536dcdc9c14908db1360ba1329870[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8d5536dcdc9c14908db1360ba1329870.exe
Size

274KB
MD5

8d5536dcdc9c14908db1360ba1329870
SHA1

1173e8dc893dbf1539b45dcf9f6010ff51055f5c
SHA256

216c76cbd3e1cce51a9d52893847cc31bc479369e9fd548f169a73cefdddda41
SHA512

51c9432dfd95cdca92bb5ac7b99730aa481b4bf5b86cfc8c9a428c57326cea1406f05da1e46bf2d34a2640d163ffc721c236545925b03d045cf00d47ffa94686
SSDEEP

6144:cZSE8UGJwiYwUfWeR7oHYnOW111mFW+q4HMKohW:E3GFY/jWHYt1yW+lRf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8d5536dcdc9c14908db1360ba1329870.exe

Files

NEAS.8d5536dcdc9c14908db1360ba1329870.exe
.exe windows:4 windows x86

4517235d6f012421e28370dfa4e6f8c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

rpcrt4

RpcMgmtEpUnregister

Sections

.MPRESS1
Size: 165KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE