NEAS[.]e92c47438652f4010b960b00951e3360[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e92c47438652f4010b960b00951e3360.exe
Size

66KB
MD5

e92c47438652f4010b960b00951e3360
SHA1

d3cf6203999d5b93f3bc656913ef8f616d9edf2b
SHA256

812b35bc1be3e5062275d222357e3e1d61096ce08da0ab9f6ed7809707d5dced
SHA512

ca3a5e1d97d02d0b0c2882bfbab947b95fa8c7d2b34c91214f38a798b752e6aa18af31578939c185fedde277ba6db61ea487b2f16a16b7ec54307eb41eec100a
SSDEEP

1536:QnfX33Dhc2LE7RpYhJ9/HJHDF5+79AUJ7j/fE:Qnf3V07RpYhJRBF5M9RJ//fE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e92c47438652f4010b960b00951e3360.exe

Files

NEAS.e92c47438652f4010b960b00951e3360.exe
.exe windows:4 windows x86

b0cdcb351d4b8b28654fc7cf06037208

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
RegOpenKeyExW
ReadConsoleInputW
SizeofResource
QuirkIsEnabledForPackage2Worker
GetFinalPathNameByHandleW
EndUpdateResourceW
FindNextVolumeW
LocateXStateFeature
InitOnceComplete

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE