NEAS[.]27314d8a6ba1e1207607362a962bf780[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.27314d8a6ba1e1207607362a962bf780.exe
Size

511KB
MD5

27314d8a6ba1e1207607362a962bf780
SHA1

810f66418a8e64ad35b29921f1af4838642e84db
SHA256

19c04c0871616a9e872d3ad56bc9b64546d45f71ee7c9d62a9553de8a118e968
SHA512

74880b81f51616ff07902e5a13facb2036da709da24aad94127722ab5573b9adf38acf4eaddb9c6d6d728bd268ed72532b246f3c41ea7c0ed348ecd802bfcd5c
SSDEEP

12288:nWJt2pLQoj3Ci1BXqsfT5Q+2fg0JRC0hIO4:Fd/3CiXXqsf1Q+b0L2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.27314d8a6ba1e1207607362a962bf780.exe

Files

NEAS.27314d8a6ba1e1207607362a962bf780.exe
.exe windows:4 windows x86

8e2b58f3a798b1e0be4e7278eae8c0d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
RemoveLocalAlternateComputerNameW

user32

GetInputState

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 317B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE