39005249396ddbb1b3e9af3e645ddc80_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39005249396ddbb1b3e9af3e645ddc80_NEAS
Size

45KB
MD5

39005249396ddbb1b3e9af3e645ddc80
SHA1

cd958698cc8e09a1dc6d5695696da0e9b8177300
SHA256

167f05db08cb45de93841f6e16d3d3fa866452f6c58c848c69ab0117a1827437
SHA512

7e06bd699764b193331df5c7fca41e42e003b2482b2d868fbe257b65e1657d47e650b6c8df9e62f8feedddb7c67e8ec2cb2e051c3c40063ee6407193e867fd2a
SSDEEP

768:ErzG1MKrWtSye3g1/TN8dbkIGf9/DILRrhc:Eu1MK6tSy6g1/TKdXGf9/DIL/c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39005249396ddbb1b3e9af3e645ddc80_NEAS

Files

39005249396ddbb1b3e9af3e645ddc80_NEAS
.exe windows:4 windows x86 arch:x86

e95e3c19c1b1846eddfe9b97188d572c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateProcessW
DeleteFileA
ExitProcess
GetCommandLineW
GetModuleFileNameA
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
HeapAlloc
ReadFile
SetFileAttributesA
SetFilePointer
WriteFile

ntdll

NtFlushInstructionCache
NtOpenKey
NtProtectVirtualMemory

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE