NEAS[.]3b645d4ae9f6d99e16fcf536d59f3730[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3b645d4ae9f6d99e16fcf536d59f3730.exe
Size

119KB
MD5

3b645d4ae9f6d99e16fcf536d59f3730
SHA1

8311203fac02bb3205bd257cc1c9d39269e81451
SHA256

c17ccb07dd74fbb96d24a3ef2bcb04eb2d73569f25d15498aabcd279c1e61d7e
SHA512

16a1c29e02b24c4955ac5a33a4ee7338f396ce1945f3737f67b6e49fcb88fa04d64f5215b4c1d7452abaccf4b4b4872eca1f2e4c046decd008e85a0507dce30f
SSDEEP

3072:uE+JORdpqWIAk+h1QInk/J8Ma99EHEbu0YfdH9SB1B:gORd4tAZQIkh5zk4HQB1B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3b645d4ae9f6d99e16fcf536d59f3730.exe

Files

NEAS.3b645d4ae9f6d99e16fcf536d59f3730.exe
.exe windows:4 windows x86

cca65ecc4f81adaaae6c0884bacdf5bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DnsHostnameToComputerNameExW
GlobalMemoryStatusEx
GetDateFormatWWorker
IsBadStringPtrW
GetNumaProcessorNode
AddSecureMemoryCacheCallback
OpenMutexA
GetProcessWorkingSetSize
BasepCheckWebBladeHashes

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE