NEAS[.]b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe[.]exe | Triage

Sharing

General

Target

NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe
Size

17.2MB
MD5

925b24e015594a31f27b664408d5790b
SHA1

34da1ed812040a8537e35fa985bb5a391170df24
SHA256

b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4f
SHA512

a54d03cc68002635fb1fdd12853777993563cb145a4315fc32c0e66f920b7f43e9030f8b8aedb64199b6872d9bc778f2e13fca7d59d764fbff8a8aef6b4c4f7c
SSDEEP

393216:5/dAyQ3aVYQ3wjvRj4tKEP3VgDePlbYfOPtYu:VdAj3aOvRXSlgDePlEfOlYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe

Files

NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe
.exe windows:6 windows x86 arch:x86

aa6e964c1781a95ce30f963bf4c4ec2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cgK
Size: - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uAk
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2EL
Size: 17.0MB - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ