48f5f4cfc6a758a1af4aa204fae676d0_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48f5f4cfc6a758a1af4aa204fae676d0_NEAS
Size

120KB
MD5

48f5f4cfc6a758a1af4aa204fae676d0
SHA1

036822bae0df81b582295fba02230445e84c3377
SHA256

e794e122b2f553fa70bb34f3552f1cb40346f250e35a0e4a71c6ec2454e84121
SHA512

bfed5ba0be1a6748b0a6c1e450f36a1f268828fdaa70e92e2790e56da444efeb9e6dabc29d4559f82bd112fa0f76ec916d4d51612eac3bde8fd205d5aaeb6f41
SSDEEP

3072:a36zd+sCA+Vun8t2xXkSjRI0swok3scV9:a8dd9CsX2JwoQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48f5f4cfc6a758a1af4aa204fae676d0_NEAS

Files

48f5f4cfc6a758a1af4aa204fae676d0_NEAS
.dll windows:4 windows x86 arch:x86

0f44bf2b3b0b8d5ecae5689ff1d0e90d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTickCount
lstrcpyA
lstrcatA
lstrlenA
GetTempPathA
SetErrorMode

user32

wsprintfA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ