NEAS[.]6bbe354385deaa1c282d4c0104b536e0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6bbe354385deaa1c282d4c0104b536e0.exe
Size

66KB
MD5

6bbe354385deaa1c282d4c0104b536e0
SHA1

997ac650b5719dc4f655cc1e40f452bf5ee8f50d
SHA256

ddaa3076c13e33639bbc5b36c7ccd49347f2d396e4c9e3aec0a5fc2742ad5643
SHA512

9344efb05c447fac510e1f9e25262b36b039df83cf524d8891248104ff37ca9bca9fc699b8d6546cfe8fd2f0aec4e33ac757d7ad1a3fd0e91a1bfa8ab301fc57
SSDEEP

1536:wSIDIJ8XUoNu1215SeZPlrLUDjXEMFdxqcNUYJ62l:w9Deocg15SeBRwXEBk/6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6bbe354385deaa1c282d4c0104b536e0.exe

Files

NEAS.6bbe354385deaa1c282d4c0104b536e0.exe
.exe windows:4 windows x86

1a5f0411d112c457f0b50ef3a5a2230c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstStreamW
VirtualProtectEx
ResumeThread
IsProcessorFeaturePresent
SleepConditionVariableSRW
lstrcpyn
CloseConsoleHandle
lstrcmpiW
BaseInitAppcompatCacheSupportWorker
Module32FirstW
AddDllDirectory

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE