NEAS[.]abbb4b5a3f0b7265043f3d21849e4a60[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.abbb4b5a3f0b7265043f3d21849e4a60.exe
Size

491KB
MD5

abbb4b5a3f0b7265043f3d21849e4a60
SHA1

dc9600aab006d9e9dd8308b8d33c700c35298bda
SHA256

b6833d6bec6f41301b3c3010b45db1067b1ff871ae0ebc599627a58e7716e755
SHA512

38cd72ad282ad883a3c55c8872ea7b8ccab08a4acaecc1dc6536a67c7a16114d848c2be661d6125123ff29c66f0618cb5bd7851662de9fb1c1b8b6da0f3414df
SSDEEP

12288:IpbgM2FJyrKN5avDFEUModJ01KRgsRj3Y+1q3M+tfHr:SgM2eryarbv+KRgclg7fHr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.abbb4b5a3f0b7265043f3d21849e4a60.exe

Files

NEAS.abbb4b5a3f0b7265043f3d21849e4a60.exe
.dll windows:4 windows x86

d765675b48d7b33e1709a34f545bfd5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

lstrlenW
lstrlenA
GetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime

msi

ord32
ord51
ord8
ord116
ord74
ord160
ord159
ord73
ord124
ord49
ord17
ord121
ord103
ord145
ord34
ord64
ord118

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

msvcrt

_vsnprintf
_XcptFilter
_onexit
__dllonexit
_except_handler3
_adjust_fdiv
malloc
_initterm
free
wcstol
wcsstr
_vsnwprintf

Exports

Exports

DWSensSchedule
SetupDWSensMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ