NEAS[.]c83e03200675e65e9954a88c8bf6b020[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c83e03200675e65e9954a88c8bf6b020.exe
Size

10KB
MD5

c83e03200675e65e9954a88c8bf6b020
SHA1

cafc55b0c00fbe71dcc53625e515b9b0d3f8d3c7
SHA256

26406fda584af7f9b274d9bf8717c261c9008344638fa3a392a3c093b66567c9
SHA512

316554af6bd766becf6b8124d8d3a51f06f8fbc652ae4e2d879fddc11b285b3583633c3402d096ca600543a51b63be264657aff2aab8a90122b2c5c8997f1e2b
SSDEEP

96:3rzYSfIwlmpP45VTIfIWJOvymk/VIPS78sX5x:ICG4rTIfIWtmkNIP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c83e03200675e65e9954a88c8bf6b020.exe

Files

NEAS.c83e03200675e65e9954a88c8bf6b020.exe
.dll windows:6 windows x64

c931aae30bce43db062829aea7b11939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

RtlSetLastWin32Error
NtTerminateProcess
RtlInitUnicodeString
RtlNtStatusToDosError
NtClose
DbgPrint
RtlExpandEnvironmentStrings_U

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ