NEAS[.]0319f54d973e820bca886983071251b0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0319f54d973e820bca886983071251b0.exe
Size

80KB
MD5

0319f54d973e820bca886983071251b0
SHA1

d2fbd724ea31efe1539fe8afed9fb54ac71dda64
SHA256

268692a4446b614713226e9aaa8a3430d75bbed8264358dbb77ef75931bbc38d
SHA512

82ee6fcef478b6d2a5b1c650b0506a7ab7737f6a2b634e75444735cca9d67def4ce60e7c2403250667f77756590733d3fab60893d3f598298607272236f2e6b2
SSDEEP

1536:6dpoIFKsx+9UiW6V7HqDor+LgWL/MsNz:Wrx+9vqMyh/hNz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0319f54d973e820bca886983071251b0.exe

Files

NEAS.0319f54d973e820bca886983071251b0.exe
.exe windows:4 windows x86

60ede589e78871be81362500271b2ec1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mspdb60

?Open@PDB@@SAHPAD0KPAJQADPAPAU1@@Z
?open@NameMap@@SAHPAUPDB@@HPAPAU1@@Z

msvcrt

printf
strerror
_close
_iob
_unlink
fflush
_read
_errno
_open
signal
_lseek
_write
fseek
_ismbblead
getc
ftell
fopen
_stat
_vsnprintf
_mbsicmp
sprintf
_mbsrchr
_ismbcalpha
_mbschr
_getcwd
__p__pgmptr
_utime
exit
free
_makepath
_splitpath
_mbscmp
calloc
realloc
_findnext
_findclose
_findfirst
toupper
_mbscspn
__dllonexit
_onexit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
isupper
tolower
islower
_mbsinc
_stricmp

kernel32

LoadLibraryA
HeapDestroy
GetProcAddress
HeapCreate
HeapAlloc
HeapFree

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ