NEAS[.]5f2ca29f4652ef69c12ac499bb130660[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5f2ca29f4652ef69c12ac499bb130660.exe
Size

119KB
MD5

5f2ca29f4652ef69c12ac499bb130660
SHA1

39b4b07fbbcc326dc87563e607e54ca4d490dce1
SHA256

05062aadee575abd65bbda29e4b398f9be470ca2068cc8a86043c54deec4060e
SHA512

648dce4cdb123b20eb01f1d33568ee3ac6ddc0d79bbb05ce0526b7fbda17c9a32f8afd17bbbc3d9bd85b5828fae4b1ac42cd7dfb270e9100e10bcc7d5a2a548b
SSDEEP

3072:okqn2Aut5MvroBvpXy0esU3RZwbhh41D3L:ox29tsiRDeB3RZwbj45

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5f2ca29f4652ef69c12ac499bb130660.exe

Files

NEAS.5f2ca29f4652ef69c12ac499bb130660.exe
.exe windows:4 windows x86

bff9b447ec5c9653d0780a3f923d18a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsSystemResumeAutomatic
GetDateFormatEx
IsBadCodePtr
GetSystemDefaultLangID
CreateDirectoryA
HeapUnlock
FindNLSString
AllocateUserPhysicalPagesNuma
VirtualQuery
CheckTokenCapability
QueryIdleProcessorCycleTimeEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE