NEAS[.]dc2d092308780248f4d2728e289dc520[.]exe | Triage

Sharing

General

Target

NEAS.dc2d092308780248f4d2728e289dc520.exe
Size

66KB
MD5

dc2d092308780248f4d2728e289dc520
SHA1

99b25addd22e23d0d1f7e110806a1e7428f4bb8a
SHA256

93db88b17010b96a6adde32700bb0d51eb4dda1e3a0fc684af0b56ded9ebc8cb
SHA512

6c9cfcf66caf0684e09509bf06e00de899ed8c736b31d91f210bfd3f95da3e08ad5aa7b12f99ab334c5fb28de4172b8f69107dc043dd26295d96100ec0f4793f
SSDEEP

1536:/z2zA8l2QcwVpXGwyY9Dk3Whdeg7Tn7I19aK:/z2zVl2QBvx9Q3G8kT7I19f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.dc2d092308780248f4d2728e289dc520.exe

Files

NEAS.dc2d092308780248f4d2728e289dc520.exe
.exe windows:4 windows x86

0a366272284deab14cb0a29c151042a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EscapeCommFunction
WerpInitiateRemoteRecovery
VerifyScripts
GetTimeFormatEx
InterlockedDecrement
DebugActiveProcess
SleepConditionVariableCS
OpenWaitableTimerW
SetThreadpoolWait
SetVDMCurrentDirectories

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE