NEAS[.]a4197a65a0907172916225df175c3b30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a4197a65a0907172916225df175c3b30.exe
Size

119KB
MD5

a4197a65a0907172916225df175c3b30
SHA1

952cb59b2c95229abfe9ce5ca201bb28fad3bb9f
SHA256

a5bbf9197cddaacd101f304e5b2bf00cef7223be2c54a8220f05c5b9df9fa71d
SHA512

5f80145b733e2dc1142aaf625b01ab69c5246cc887e000a7b90ee6b6cddc32b09e5776a5fddd19565f0b339c5a32b5c8ae038e0db557c964e54ee698250a86cc
SSDEEP

3072:RiFBPvUFAVJcm1GbXCAznt7g2lA+1s05Uet6lkmI:crkFyc9brzniOXw4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a4197a65a0907172916225df175c3b30.exe

Files

NEAS.a4197a65a0907172916225df175c3b30.exe
.exe windows:4 windows x86

389f9660c1993868d7e8c2564428aa7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryExA
GetNextVDMCommand
AcquireSRWLockExclusive
DuplicateEncryptionInfoFileExt
DeviceIoControl
QueryProtectedPolicy
WriteFileEx
DeleteFiber
OOBEComplete
QueryDosDeviceA
TlsSetValue

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE