NEAS[.]a74c90ebf3e8a268f18e4b3411635aa0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a74c90ebf3e8a268f18e4b3411635aa0.exe
Size

3.2MB
MD5

a74c90ebf3e8a268f18e4b3411635aa0
SHA1

2484bf83aad102e812010772e2f180ad81303109
SHA256

4b5085850e663f50b9369730cfbc4e5c63de19a9edb9564e2a053d47485c2e51
SHA512

298614677db7bf760f009c7d668c782ab54fa778a3ac7f938f2006dfc97436e5c7484fcfaedd96916407db9d3f27704d28159df87637694ded7abf0c29f1d889
SSDEEP

98304:tQu3Xyx+EnucXxsHmJ9R98Ldvff3o7r1CWz:K6XyxPqGJ9ig0Wz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a74c90ebf3e8a268f18e4b3411635aa0.exe

Files

NEAS.a74c90ebf3e8a268f18e4b3411635aa0.exe
.dll windows:5 windows x86 arch:x86

e7acbd84e3561f5635ca51d6b4720567

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiDestroyDeviceInfoList

kernel32

OutputDebugStringA
LoadLibraryExA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetProcessHeap
GetUserDefaultLCID

oleaut32

GetErrorInfo
SysAllocStringLen

gdi32

SelectClipRgn
FillPath
CreateICW

lz32

LZInit
LZOpenFileA

advapi32

ImpersonateAnonymousToken

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ