NEAS[.]ff75238d3f719bb03eefc9e842edbf30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ff75238d3f719bb03eefc9e842edbf30.exe
Size

66KB
MD5

ff75238d3f719bb03eefc9e842edbf30
SHA1

4b3ee3987ce3b7da608f54004e708da1a9f31473
SHA256

21ea470ba66e94ea1ab2cc3187d8d389abec8036b264b8870b47ed9256b9fb82
SHA512

7d1155016a1d2be4c035ac3dd9cbf9b0eedcae0b598744265c5a850b5a32ea1587070ba91bfd344e0c68eff655e65e142cbd7f48630c6a8b18ed5c5fe15da450
SSDEEP

1536:dQf8UQ0JPIvosc8s6LTRkWMHgykdC1ScqqJxxVfBd:WVQKYosxLTRk9CuSHG1fL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ff75238d3f719bb03eefc9e842edbf30.exe

Files

NEAS.ff75238d3f719bb03eefc9e842edbf30.exe
.exe windows:4 windows x86

fc4f73b230d4d8dd3a2261a50e377b26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DnsHostnameToComputerNameA
GetPrivateProfileSectionA
lstrcmpA
IsSystemResumeAutomatic
GetSystemWow64DirectoryA
VirtualAllocEx
GetProcessVersion
ValidateLocale
SetFirmwareEnvironmentVariableW
GetConsoleAliasExesA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE