NEAS[.]82fb146be62148b5761638490ea7cc80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.82fb146be62148b5761638490ea7cc80.exe
Size

30KB
MD5

82fb146be62148b5761638490ea7cc80
SHA1

87486cb44648515c96610523a1e00833eebee0f1
SHA256

43cf4f5d63711b51a0b1ccf815a50fae516b04298c8bae89ac8c876907ef17b2
SHA512

7c574e9dc6d99fd2008a886b51a5a86d2a39605c78b7651f225a828b8c559976630b9c8ac8ca8ae3ad4895346a5ce0860fdb2220feaf8b0ea1c742958f7bdcf3
SSDEEP

768:YrX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIo:sKcR4mjD9r82

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.82fb146be62148b5761638490ea7cc80.exe

Files

NEAS.82fb146be62148b5761638490ea7cc80.exe
.exe windows:5 windows x86

629683d83dde62d2c51a712422ff70e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

kernel32

LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect

ntdll

NtClose

user32

wsprintfW

rpcrt4

RpcIfInqId

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX14hu
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE