NEAS[.]f7763fab054ab597e74dc7e77b2cfb30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f7763fab054ab597e74dc7e77b2cfb30.exe
Size

144KB
MD5

f7763fab054ab597e74dc7e77b2cfb30
SHA1

0a9dc92e28875771feaa3766b895bd7a94aaed79
SHA256

029daaf7426edae325c9e5bb75ac1df9708287455dfc865b037799bbff0a3126
SHA512

714ebc1ea875943196193bf45d1db285c6bbd976d0ad4a4711ba38bf2911e754daaeacd39f7db2a37b57ce1480bb00cdaed262c912af089924508374bdd86764
SSDEEP

3072:ynNOu3ap01kqMTue72EMD26/+4TFTHugCoReiVWeJfefVUxy:MKp+kqKt72EMiA+4TFbIyVWeU2xy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f7763fab054ab597e74dc7e77b2cfb30.exe

Files

NEAS.f7763fab054ab597e74dc7e77b2cfb30.exe
.exe windows:1 windows x86

84b346c4696dd5bf782e43918d6653c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind

user32

GetCursorInfo

crtdll

__GetMainArgs
exit
raise
signal

ntdll

RtlInitUnicodeString
RtlFreeHeap

advapi32

RegOpenKeyExA
RegQueryValueExA

ulib

?Usage@PROGRAM@@UBEXXZ

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc2
Size: 313B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE