5cb11420b49b0b060161759fbac3ce40_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cb11420b49b0b060161759fbac3ce40_NEAS
Size

1.4MB
MD5

5cb11420b49b0b060161759fbac3ce40
SHA1

21369946170a60cf1b8002e22f12097e7b8598c4
SHA256

205c084a6834e522a0d1eefd52b2eb9a2454e1c74227fa6fd22d31fea7fd87d3
SHA512

4928f1abd19c87e97ee64f439c32268a0bbde035357ab6da1f03fd89706c392686002ca97846fb3bdfafbb24b4127c03a3cbd5a1d43364ae8ae0375404239d0d
SSDEEP

24576:8V2/Uf5LynOx/IZ6E2MfVPB2uYE+Z8XYNkOw:O2/IIOx/5EldJOjyXMNw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cb11420b49b0b060161759fbac3ce40_NEAS

Files

5cb11420b49b0b060161759fbac3ce40_NEAS
.exe windows:6 windows x64 arch:x64

bccb8f37e95ac02b8b87ba11ef46f655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
ReadFile
GetPrivateProfileStringA
GetSystemInfo
GlobalMemoryStatus
GlobalMemoryStatusEx
GetModuleFileNameA
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineA
WriteConsoleA
GetStdHandle
CreateFileA
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
CreateThread
CreateEventA
InitializeCriticalSection
WaitForMultipleObjects
HeapReAlloc
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
OpenEventA
WaitForSingleObject
UnmapViewOfFile
VirtualFree
CloseHandle

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE