NEAS[.]e0f0f1912a492ca33aefc46c2eb23280[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e0f0f1912a492ca33aefc46c2eb23280.exe
Size

1.6MB
MD5

e0f0f1912a492ca33aefc46c2eb23280
SHA1

c6ec453bff100ef5b6f9e6d9f800d3d85567ade5
SHA256

20304a1700624f3c1d18dc4a2e9b15029f15c8bf6113a1770083f3cab2003413
SHA512

97e6c10f1b0209e0cd824c834563b14c7d03ef1d5075b4e9c219c39b2a1e33e49464ff560e25a0f51b10dd03c0f6541dda827179370e63c0c5a1d58a9237d85d
SSDEEP

24576:bluFAEsIQLfsDrrhvlV8CMD8aBpMWzmo2t+aSfunE3S9xt8IIKawTTqOjCrM:5uerLY59aDXmoLaRUS/t8Ia9Oj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e0f0f1912a492ca33aefc46c2eb23280.exe

Files

NEAS.e0f0f1912a492ca33aefc46c2eb23280.exe
.exe windows:4 windows x86

51cf73a88062822f31571d7bb35b5b2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
BaseCheckAppcompatCacheEx

mfc42u

ord6774

ntdll

RtlPublishWnfStateData

Sections

UPX0
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1Cx:
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yX.9Wi
Size: 512B - Virtual size: 128B

.l1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2ZUy
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ