NEAS[.]16e6372afd93ef087c5090a9cf9cbc40[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.16e6372afd93ef087c5090a9cf9cbc40.exe
Size

119KB
MD5

16e6372afd93ef087c5090a9cf9cbc40
SHA1

908941c086bdfb61d1af4e0736056319aeaff68a
SHA256

3cc953b2a020d868d0108e606f2c76c2371ee8fca111f23da976936f5dd576d4
SHA512

7be9647b413a4d30d62647647ac3cb1979fc9ed1273787189692036ae69d0a655fdfeda00601f91479a8377d67cf480820f602c909b3231652f1e167a746584d
SSDEEP

3072:nh9Yl7FbLwJPFIzsVVi3Wx0AFGZdD0gRU8Di:UwDwgb+SgRR2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.16e6372afd93ef087c5090a9cf9cbc40.exe

Files

NEAS.16e6372afd93ef087c5090a9cf9cbc40.exe
.exe windows:4 windows x86

18100c82a5348b063b014f10c1835db9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateConsoleScreenBuffer
GetCurrentActCtx
Module32Next
SetProcessMitigationPolicy
VDMConsoleOperation
RemoveDirectoryTransactedW
LCIDToLocaleName
PssWalkMarkerCreate
SignalObjectAndWait
OpenJobObjectW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE