NEAS[.]38e40bb20fc6e96fd00469ba920f0550[.]exe | Triage

Sharing

General

Target

NEAS.38e40bb20fc6e96fd00469ba920f0550.exe
Size

119KB
MD5

38e40bb20fc6e96fd00469ba920f0550
SHA1

b008d9723c96ab88e5f550f24e61967bd261567c
SHA256

dc2622b604148af943145d4e943fc2644054fcfbc0b076c1ca5938429a9fe225
SHA512

4df2482a90c884596cab9f5e010419c92caa478ad1952f116653d300b809d713651902e895c375cc6c950066aee35b95d200b8fc2047607aed5cff54096e7768
SSDEEP

3072:L5njj3pxGysGrmrXge11YzNFGRXJodCBLhZ0vOEKLf4HRhuooa4ycahR:VLW3gXzNFGjPDCvm8HbuVaF/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.38e40bb20fc6e96fd00469ba920f0550.exe

Files

NEAS.38e40bb20fc6e96fd00469ba920f0550.exe
.exe windows:4 windows x86

c1be226980f285c6ba4efda372431d5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GetNamedPipeClientComputerNameW
GetProfileSectionW
NtVdm64CreateProcessInternalW
RegUnLoadKeyA
WriteFileEx
CreateProcessA
K32GetWsChanges
DosPathToSessionPathA
SetConsoleIcon
GetThreadGroupAffinity

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE