NEAS[.]c952c3947b57413418e650eea9c90ef0[.]exe | Triage

Sharing

General

Target

NEAS.c952c3947b57413418e650eea9c90ef0.exe
Size

164KB
MD5

c952c3947b57413418e650eea9c90ef0
SHA1

5fbd7fec27181b0887cb6789086651ac50fcedd7
SHA256

106e8c8d13b98bd2598bbd6e995c4d79839aa6707669eafde119d5a3ae1230f3
SHA512

aded6595a333cdb0731693c198b26e1b17026cc7e079d696aae61f5a612c47f444ce32361ff3ffa5cac8b34e19d5ecac6ac05656d60faa203e73d1619711bbaf
SSDEEP

3072:vXLqu12JgK5xhW99scgS9CF4m2wz+lbvAmRgHVAUjB3gpCZGz6aM:vXQgKpW9hNh5AmRgyUjB3gpmdh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c952c3947b57413418e650eea9c90ef0.exe

Files

NEAS.c952c3947b57413418e650eea9c90ef0.exe
.exe windows:5 windows x86

18b7ac4aaa157edef3541a0745c3a9ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetProcessHeap
Sleep
GetProcAddress
LoadLibraryA
AddVectoredExceptionHandler
HeapAlloc
CloseHandle
InterlockedDecrement
InterlockedExchange
HeapCreate
GetModuleHandleA
InterlockedIncrement

user32

DestroyWindow
CharLowerW
DefWindowProcW
UnregisterClassW
GetWindowLongA

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ