NEAS[.]527019fef5e09991c20669a57dce9480[.]exe | Triage

Sharing

General

Target

NEAS.527019fef5e09991c20669a57dce9480.exe
Size

66KB
MD5

527019fef5e09991c20669a57dce9480
SHA1

3565de960d42270c713f42d1c681a23a1577164a
SHA256

50f88c732202043178a01cf6f1e947896e53f6be326de50f98c95af0beb66ecb
SHA512

222c61e0c483920b3d38d85ff37c4cba070c5d45e0fc1cd52a3e36275b46d4c21baa6481241c25697701cd9e4b4b10f32e8bbd1b8a071f026c4e2f8169c4dec0
SSDEEP

1536:bgCWxddXu2Ahx/kqGRpS36gCzY8wpDCj3c/:XWxdclhx/kqGRpc6opDCDc/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.527019fef5e09991c20669a57dce9480.exe

Files

NEAS.527019fef5e09991c20669a57dce9480.exe
.exe windows:4 windows x86

17ac7b248bc578e77299a4713fc8d1e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommMask
Wow64DisableWow64FsRedirection
DeleteBoundaryDescriptor
ResumeThread
lstrcpyA
Wow64GetThreadSelectorEntry
FormatApplicationUserModelId
QueryPerformanceCounter
GetConsoleCommandHistoryW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE