NEAS[.]2bfac7f0fd860862b8666364177c12c0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2bfac7f0fd860862b8666364177c12c0.exe
Size

41KB
MD5

2bfac7f0fd860862b8666364177c12c0
SHA1

67687245631ab5daabbc3d76c579dba330019741
SHA256

233105ed625a8ba69216eed5703c59862e944cafaf1dc1013b1a73169eb69007
SHA512

979c8dd485bb807b8baaf5a8dde6853a59a98dc555ee9689dc72d952e936da983668adf53aaee414f0cbc5aca3132c7327d972ca32c31531bb3c845871f595bc
SSDEEP

768:aaZm9kbdKZLCCIyffDxzbyYRiOcEsBCcgTAsWDX6wjdtzM4Bw:lZ4kbzNyZyYRRcgTAs+KwjdtzM4Bw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2bfac7f0fd860862b8666364177c12c0.exe

Files

NEAS.2bfac7f0fd860862b8666364177c12c0.exe
.dll windows:5 windows x86

b22af87d2c40d29e3d1950e4aac1a9f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlSubtreePredecessor
RtlRealSuccessor
ExFreePoolWithTag
ExAllocatePool
KeReadStateMutex
IoAttachDevice
KeSetTimer
RtlRealPredecessor
IoAllocateMdl
ZwOpenEvent
KeClearEvent
RtlCreateHeap
VerSetConditionMask
RtlFreeHeap
RtlInitUnicodeString
KeSetEvent
RtlDestroyHeap
KeInitializeEvent
RtlVerifyVersionInfo
RtlFreeUnicodeString
RtlAllocateHeap
KeWaitForSingleObject
KePulseEvent
RtlxUnicodeStringToOemSize
memcpy
memset

Exports

Exports

_GetFirmware@8

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ