NEAS[.]43c9b9593e608c0aeca6a65e97e01c30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.43c9b9593e608c0aeca6a65e97e01c30.exe
Size

119KB
MD5

43c9b9593e608c0aeca6a65e97e01c30
SHA1

953dc11e7ca52311f126084779160e1614d1d122
SHA256

b77b6012aff6aa3a3b4b8e6599a283c7d275fae36eb6b493042fc456d07f285f
SHA512

fe353a30d3c4b5e1d4a4bbb4066216d1f14179aa5fa2a831063596e15584194b5333ecc8822b310971c798551d697c8b7937e4b2ac1a9025c9ad9c27d7904794
SSDEEP

1536:UL1+pUPW/XH3GTz2jT0U/IOqs4teS5UUMy63sURLuPI4VFKk5BUmNOIFC0P3G56c:UL1AvXBHYxXUQRPKkbJOKnuMc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.43c9b9593e608c0aeca6a65e97e01c30.exe

Files

NEAS.43c9b9593e608c0aeca6a65e97e01c30.exe
.exe windows:4 windows x86

4d374e16adc299c0d5daa780f1f71b5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CmdBatNotification
GlobalAddAtomExW
WerRegisterRuntimeExceptionModule
ReleaseSRWLockExclusive
BaseCheckAppcompatCacheWorker
SwitchToThread
VirtualAllocEx
SetThreadStackGuarantee
CreateProcessAsUserW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE