NEAS[.]59e6e72c2d8d2d1fd650987d70d50240[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.59e6e72c2d8d2d1fd650987d70d50240.exe
Size

119KB
MD5

59e6e72c2d8d2d1fd650987d70d50240
SHA1

22ed4bea966d0173ff76d8ba3a4d64fc12090ec4
SHA256

38a96c6e1e4f184b8599eab3e58d84518c09a31bcb2db8e692b6058a8a20161f
SHA512

cdcc4769cb39dee019276c9c4bb959db8e6610e9abc046679aa70f70746ad1971922d195390f1a0ce84c58bdf2760a6cbb4fc4be913dce123994cf7e3b3e3128
SSDEEP

3072:y3F0ukSoX/J72n3U/s7Zl7QLBn91qff9LWfw08:ytkSoXu3+sXCBnnuFK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.59e6e72c2d8d2d1fd650987d70d50240.exe

Files

NEAS.59e6e72c2d8d2d1fd650987d70d50240.exe
.exe windows:4 windows x86

9487346c2a1ea5f5a37888b1169b640f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateActCtxWWorker
BasepIsProcessAllowed
GetOEMCP
GetProcessIdOfThread
AppPolicyGetCreateFileAccess
TermsrvGetWindowsDirectoryA
IsBadStringPtrA
SetCommBreak
GetCalendarWeekNumber
GetCalendarInfoW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE