NEAS[.]f93800b1b71365838e527b2e64c37b50[.]exe | Triage

Sharing

General

Target

NEAS.f93800b1b71365838e527b2e64c37b50.exe
Size

66KB
MD5

f93800b1b71365838e527b2e64c37b50
SHA1

9449b2c92182ad2602198f4b1dc7a9a2f3132bd5
SHA256

43e62c7d8b60940146b728f3184dae24b63748d2185446b6fa2f2c03ca06e152
SHA512

45b2b20b0cad7705e898b2d3f95bf4346d6df30c5ca81f3216cb5634391178820b88eff73bc68045fed91546ab64c76b4b3add65fc6e5fa66b7c76b5bbe9e14a
SSDEEP

1536:jMbrVI1kohAYtlt5C5LnIKIU2ohehmxVO/1trF5D:j+2mcfsLnp2oheJ1trF5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f93800b1b71365838e527b2e64c37b50.exe

Files

NEAS.f93800b1b71365838e527b2e64c37b50.exe
.exe windows:4 windows x86

49d927cda53a3cc7d52be5295f0efd9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
GetProcessHeaps
VDMConsoleOperation
FreeLibraryAndExitThread
SetConsoleMode
GetConsoleKeyboardLayoutNameW
RemoveDirectoryTransactedW
QueryPerformanceCounter
DosPathToSessionPathA
SetFileApisToOEM

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE