NEAS[.]347bce8484c26eca4600cc7eab9001a0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.347bce8484c26eca4600cc7eab9001a0.exe
Size

2.6MB
MD5

347bce8484c26eca4600cc7eab9001a0
SHA1

842dc87577ca833d5780d95e6e78fc3988d7ab85
SHA256

1ad208577e217f765b286a303f883ba2b20ef3a819d975049979ed2236ef7cc3
SHA512

a558a9a99e6825456a7cb636ae11e159fa898baa8842dd00811075a2063ec32e42e6a718477a3423cb89ce159c582e4d16c55068d192f900fba438368a99a6fa
SSDEEP

49152:GcNTqP6o0xGOJL49iLw2smRPu/jH+jRcVZUHB+MJWTIUWIeS:GCqPaZLZc0aocVyB+uW9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.347bce8484c26eca4600cc7eab9001a0.exe

Files

NEAS.347bce8484c26eca4600cc7eab9001a0.exe
.dll windows:5 windows x86

236c0c1c89c0f8a5bb02585fd3934dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SelectObject

setupapi

SetupDiDestroyDeviceInfoList

lz32

LZRead
LZOpenFileW

kernel32

LoadLibraryA
GetUserDefaultLCID
GetSystemTimeAsFileTime
IsBadCodePtr
GetModuleFileNameA
GetLastError
OutputDebugStringA

advapi32

QueryServiceStatus

ole32

CoTaskMemRealloc

oleaut32

SysAllocStringLen

shlwapi

ChrCmpIA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ