NEAS[.]f21b329ff4c099625029268c42619a70[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f21b329ff4c099625029268c42619a70.exe
Size

66KB
MD5

f21b329ff4c099625029268c42619a70
SHA1

138a3296444691b97793b06e92765883a81829bc
SHA256

e3c694399a7d46a28f96ff274d500e6cbe213198e51c8d54331e4384116a3df6
SHA512

acc130a7c8d72e52660a08812d1082eac0172a1409216b2dd2630520d1571535eaad54b0ceca1f986e928f4d956d67653a633e4c0710622bf50128ff21b60905
SSDEEP

1536:YjXyYD5QA3qoV6U00AV3QDXabewfz0M8kl/ayBeL2URqIUs7o9yXsO/waP7pyjW9:infujQaMTjovv84mDMBDfccy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f21b329ff4c099625029268c42619a70.exe

Files

NEAS.f21b329ff4c099625029268c42619a70.exe
.exe windows:4 windows x86

6d0d2dfc5d205a3f7e1316200a6d0578

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeaps
CmdBatNotification
AssignProcessToJobObject
CompareCalendarDates
BasepGetAppCompatData
GetConsoleCommandHistoryLengthW
CreateTimerQueueTimer
SetConsoleDisplayMode
ActivateActCtx
WerUnregisterExcludedMemoryBlock

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE