NEAS[.]40f9ef8ad64643a23919e532dd645290[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.40f9ef8ad64643a23919e532dd645290.exe
Size

66KB
MD5

40f9ef8ad64643a23919e532dd645290
SHA1

36a4d26b2581c58399dc4368b2f946ee4265a877
SHA256

893656cec4c1e68e86bd513ad6a4c896d977c6866ce91592252d305747aad885
SHA512

6ab281febb5c3e1ca2e9c4c9415eb241616d160c551246ee750d5e60836fcd51b420a8f4b1da11c1769aab2c3976c789f2e0500fa89dbc6024ce3576afdf648e
SSDEEP

1536:2TNI76tWqZ2DvAkI0CxG8AEPELuWR8xisPd1vKaprT27IIlp:aS76IqoDE0ejwaXrPxO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.40f9ef8ad64643a23919e532dd645290.exe

Files

NEAS.40f9ef8ad64643a23919e532dd645290.exe
.exe windows:4 windows x86

def7228e2b1ed40a149758cc87b05bb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy
SetConsoleActiveScreenBuffer
QueryInformationJobObject
SetConsoleHistoryInfo
QuirkIsEnabled3Worker
EnumerateLocalComputerNamesA
GlobalLock
K32QueryWorkingSet
FlsGetValue
CreateMutexExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE