NEAS[.]a85645f0ef1c1bfcd8f0576dbdaeef20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a85645f0ef1c1bfcd8f0576dbdaeef20.exe
Size

66KB
MD5

a85645f0ef1c1bfcd8f0576dbdaeef20
SHA1

37ce989dac9fc5c9d9933361246b1992ae7c80c6
SHA256

fc620c273703c1e49e7fba2533a603f0a4a87c90f57bf836a4bf1e8c7bc61e4f
SHA512

ea996ed4656f052ce4161281b3aa9a61e51f9eedc58a1fea14693c1d82749e5ef287a3b1b821b8fb0a5206cb0a60eb512c3016bdd02334a5ddbbc4fd53156b50
SSDEEP

1536:UHZ+AbROlvir0Z8uW2NYjYgGnwRmrRZelq9qo+GARm0:09Olv40quWkYpGnlDH9ktRm0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a85645f0ef1c1bfcd8f0576dbdaeef20.exe

Files

NEAS.a85645f0ef1c1bfcd8f0576dbdaeef20.exe
.exe windows:4 windows x86

8c042279200f7b6921f91e9b5a7434a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFirmwareEnvironmentVariableExA
BasepGetAppCompatData
GetNamedPipeClientSessionId
GetEnvironmentStringsA
LZClose
WerpNotifyLoadStringResourceWorker
SetConsoleNumberOfCommandsW
CreateRemoteThreadEx
VerLanguageNameA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE