NEAS[.]e91ce7212fa1edb6a190cc8de66ca930[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e91ce7212fa1edb6a190cc8de66ca930.exe
Size

66KB
MD5

e91ce7212fa1edb6a190cc8de66ca930
SHA1

4a3f7515ac866f9dc201ea0efe7379add643f0c3
SHA256

96a4c7405bf72de26683cf079f913cd4785dcd28661195fb3689cf045a6df2a9
SHA512

002a2e0e82d6b034d5d7c90a6b4e2b709305d3c431cbffea2fc6c26f6345fae066a2e066ad1d658314e66128643fa5531fa588e893c1acd3c4b0535738c32904
SSDEEP

1536:UoCSycyNjfgwcrQu5iJSnmFzE97PZtnVGIMvbluOCaYvoVMgZFF:17r8Js2zE9zPVvMTluOC4VJV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e91ce7212fa1edb6a190cc8de66ca930.exe

Files

NEAS.e91ce7212fa1edb6a190cc8de66ca930.exe
.exe windows:4 windows x86

cb10889d025086b02ac3429660ef2176

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
QueryIoRateControlInformationJobObject
RtlMoveMemory
GetCompressedFileSizeTransactedW
GetProcessInformation
GetPriorityClass
AddLocalAlternateComputerNameW
WerpInitiateRemoteRecovery

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE