NEAS[.]98dff5d509c8ff0669a26e93f9cd7630[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.98dff5d509c8ff0669a26e93f9cd7630.exe
Size

32KB
MD5

98dff5d509c8ff0669a26e93f9cd7630
SHA1

2a72c72c14f980d1e39cc2f6ef07ed72cabd38db
SHA256

07d09a08bb45611cdf7397dc331f2011393fec1904b64aad07b4bcaf85c30049
SHA512

856476f799ed29d4d19a7d8e6c0ad8aeb25e5aa84503a9b88db393347ca31930bff0bbcddb09c1a5be1bfd39127b6497d92fab49cbb4ceddaa54b75ee00188ec
SSDEEP

768:lPuCWRuY1NN0+spEs9vEbC5/ywAJ8VFA:lbWR7152BEbuywASF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.98dff5d509c8ff0669a26e93f9cd7630.exe

Files

NEAS.98dff5d509c8ff0669a26e93f9cd7630.exe
.exe windows:4 windows x86

b66f2358dd28c855cd1bcb856d84a6ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ntdll

NtSetInformationThread

shell32

SHGetSpecialFolderPathA

Sections

CODE
Size: 24KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE