NEAS[.]e2e50631927f7786cc6767eea5b98c00[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e2e50631927f7786cc6767eea5b98c00.exe
Size

83KB
MD5

e2e50631927f7786cc6767eea5b98c00
SHA1

3c9a53fcd62c60cf5d699a8a852d8521da62932e
SHA256

2072eef253ff6e23c5828977295b19cd99bd2d07f16cb815c3172b5b6bd40478
SHA512

169aad5388f147b8f5be2dd4427b65ea5473e34264fdcf0898b4347c3f4e898d1f39ac4e6e85ede75458d3f152302ffaeafb884ab748a8c73cd65799b8893e91
SSDEEP

1536:RPg/BQdnAKvatsWNLh+6evi1WnT0QUfMxLkYp0wTHFjJM62OTJpjVrs2ryrd1vU9:EcAKy1Zh4Hl72Yp0wTHFjW679Hs2qMW6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e2e50631927f7786cc6767eea5b98c00.exe

Files

NEAS.e2e50631927f7786cc6767eea5b98c00.exe
.exe windows:4 windows x86

8b34433ba1ccf51c0bc18e67c604fb07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
EncodePointer
VirtualFreeEx
GetShortPathNameA
ActivateActCtx
SetTapeParameters
FindNextFileA
DeleteTimerQueue
lstrcmpi
RemoveDirectoryW
FindNextVolumeW
PulseEvent
GetModuleHandleA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE