NEAS[.]c488f6c4d1e7ebb6f0a0979764adeaf0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c488f6c4d1e7ebb6f0a0979764adeaf0.exe
Size

66KB
MD5

c488f6c4d1e7ebb6f0a0979764adeaf0
SHA1

d8fe16b0563e1f0455e258d76fb86636987b6e69
SHA256

236197350366155140285b8e6ab7e38fbd5cdc3c429e95baf8e1790bc716bb9d
SHA512

fe2ad07984db1de7220f0ec81e9764c47ae6b6ca6688a8c372a465641a64f1ea8dedd4245a34400b373e7c6b9db3064f20663895f1eff138b235bdd598969ea2
SSDEEP

1536:E13QZ2ELwkVk42SrokouZd1bEB4AYxRRjieu1n:AQZXwX42SVwpqRRjin

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c488f6c4d1e7ebb6f0a0979764adeaf0.exe

Files

NEAS.c488f6c4d1e7ebb6f0a0979764adeaf0.exe
.exe windows:4 windows x86

8131e085b62d655ad7f9091114af63f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetApplicationRestartSettings
SetCommConfig
AttachConsole
GetDateFormatA
CancelWaitableTimer
Wow64EnableWow64FsRedirection
QueryThreadCycleTime
GetLocaleInfoW
GetDateFormatW
WaitForThreadpoolTimerCallbacks

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE