NEAS[.]906c79f0a6d0bb95edc8b80c645c92e0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.906c79f0a6d0bb95edc8b80c645c92e0.exe
Size

5.9MB
MD5

906c79f0a6d0bb95edc8b80c645c92e0
SHA1

d0313c8f547f0edebc3666f24cd190bed966e7ad
SHA256

43aefc9688ba442bfcf62dfd1cbcb73ee88ef0e3ec66e2b27a76e243d4d5d018
SHA512

15f97857e6722424fd973ea74567753deedd48f2c0ce96f457c7f2c4a04faeca1c62a3f078eecda1ff6a7b289c4a91903b8f2c2c834c46cc28250837c322ec7d
SSDEEP

98304:r6d00ygO5bjBr+nwTsmfkJ6TylfbQ5UkAZhrBlfYVgkH5lgNmHZ8I:r6O0ygO5pr++smcJOylfbsUsVTHjv5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.906c79f0a6d0bb95edc8b80c645c92e0.exe

Files

NEAS.906c79f0a6d0bb95edc8b80c645c92e0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 878KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 832KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 50KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.winlice
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ