NEAS[.]b616cc09362a45f554886eb3f47745e0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b616cc09362a45f554886eb3f47745e0.exe
Size

66KB
MD5

b616cc09362a45f554886eb3f47745e0
SHA1

339a19c82a82fb27defd33098557a594a19cfe95
SHA256

17d7fe55a9b634519112939f26830aa8480c0e04a151eee14a018ffcfab63e4e
SHA512

e83de3c97b937b033a1aa1469662ca92fb5a2bc8460f68df90475779918714cee9def16c74775ac7c7d4db53caeb7bd50859e44d4ebc0dcda01bc6418b61472a
SSDEEP

1536:JCji3FULWzy1tTqalDKwJ6exlk6gd12rVezAjS7/wPy:J6i3FVM9qiX6eV412Jwb71

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b616cc09362a45f554886eb3f47745e0.exe

Files

NEAS.b616cc09362a45f554886eb3f47745e0.exe
.exe windows:4 windows x86

00c3b48c93d362474b1f17d0f7588b80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetNumaProcessorNode
DuplicateEncryptionInfoFileExt
SetConsoleHardwareState
QuirkGetDataWorker
SizeofResource
CreateDirectoryTransactedA
GetBinaryType
Heap32First
IsDebuggerPresent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE