NEAS[.]4f71ad29e6a87a5cd50409518ec83d50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4f71ad29e6a87a5cd50409518ec83d50.exe
Size

119KB
MD5

4f71ad29e6a87a5cd50409518ec83d50
SHA1

6a75f053ebd97cc146c59c69c77a8db900aaaff3
SHA256

95901e318a8bffe82aea82e9c8758922751970ab2585e711f5b15b20816ebebd
SHA512

5c88595e91ddff26d71d601272d15e20f85157e4e7e8736055db62dc375ed4ee2c28a5c6cfb27fec99bbda349bfce04c9065ab3d2d828f2162da1030c7ad484c
SSDEEP

3072:UeeZLDw+c+JASmuKy10mf/BjWmRmxc0tR:WZLZNJASmTyRBjWUeH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4f71ad29e6a87a5cd50409518ec83d50.exe

Files

NEAS.4f71ad29e6a87a5cd50409518ec83d50.exe
.exe windows:4 windows x86

94608533156026d88db63f5fc3b9cad9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByteEx
_lclose
FillConsoleOutputCharacterW
FreeLibraryWhenCallbackReturns
UpdateResourceA
QueryPerformanceCounter
SetThreadIdealProcessorEx
CallbackMayRunLong
WerRegisterMemoryBlock
GetLongPathNameW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE