NEAS[.]3cf57580c8e2a966de2372d8c0030ca0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3cf57580c8e2a966de2372d8c0030ca0.exe
Size

119KB
MD5

3cf57580c8e2a966de2372d8c0030ca0
SHA1

5c15a434b46622f6c605c82233e9d9f20817e720
SHA256

4a20b9c13ec64523baf7afcddd8a100c983a2dbd9a5a6ce8c64b741e31a9469d
SHA512

e825023c0a23f9b2ddff8cc9b27fac52b573b31c8d7e32d967fdca05ccdf8f90fa4b393cdf7bad34609de32a8ce92f5f161f03a4a85ec9d1c20c74585ecf8dbb
SSDEEP

3072:I8zvjY0mV7s5oviKi1BoNKmaRh2qYBGt1WY:I2jY7T6F1bYfBGtgY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3cf57580c8e2a966de2372d8c0030ca0.exe

Files

NEAS.3cf57580c8e2a966de2372d8c0030ca0.exe
.exe windows:4 windows x86

706c42ce6f39329fbf883164c5b9401e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryActCtxW
GlobalAddAtomW
SetProtectedPolicy
ConsoleMenuControl
SleepConditionVariableSRW
GetNamedPipeServerProcessId
GetPackageInfo
GetConsoleCommandHistoryLengthA
GetCalendarInfoEx
NlsWriteEtwEvent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE