NEAS[.]ba1c86a08ae432bb4a7f597b328ec0c0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ba1c86a08ae432bb4a7f597b328ec0c0.exe
Size

24KB
MD5

ba1c86a08ae432bb4a7f597b328ec0c0
SHA1

c9d5cd6f8044923f6ad2312a695e82d7db2603cc
SHA256

335e9fd2cfc11c9866f4d376144ac9104cb405efef3a98a3dab18123a819e0da
SHA512

bc9a01c8dad27d61c6df35bc799bfba2bb9cf66d8422b189d549e8c4b2e57f6d3f12b91a4c2b4b3491e263bf40374816c4418b42c4b7b720af7ba152b010891d
SSDEEP

24:eLoS9J32fjUCaUdMVqOK0QK6QyQqQiQ1dFlF7FDFDFzau0Ac/0AcL/ogc2:IlPmwCaU2qOK0O7Cx111rTUTC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ba1c86a08ae432bb4a7f597b328ec0c0.exe

Files

NEAS.ba1c86a08ae432bb4a7f597b328ec0c0.exe
.exe windows:4 windows x64

809e4ea7cdda0b64fb00fe754bfda312

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCommandLineW

loadperf

UnloadPerfCounterTextStringsW

ucrtbase

__p___argc
__p___argv
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_narrow_environment
_set_app_type
exit

Sections

.text
Size: 4KB - Virtual size: 336B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE