NEAS[.]c5485e25dfb0e6f3f104f027da396450[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c5485e25dfb0e6f3f104f027da396450.exe
Size

119KB
MD5

c5485e25dfb0e6f3f104f027da396450
SHA1

c97acb52bb6c49f37fa11c0798397e8dbf9d4633
SHA256

a310ae3c3cab2efabbc71da0e31822c5cf3380a5dfaf0df69865cb841f0b5f78
SHA512

d56380cbbb4089d828a7508d306cfc59da90b9e58d74f653ad67f00c7a6043fc69335aa6257a911872bad9766fb01e4af0c61aad748de7b9b997ac4c82aa3766
SSDEEP

3072:uinXvrSxh2Rbech1dCBfZalLESSECUaqjROlr:uin/exh2IcsBfSumIr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c5485e25dfb0e6f3f104f027da396450.exe

Files

NEAS.c5485e25dfb0e6f3f104f027da396450.exe
.exe windows:4 windows x86

f3c9a79ef4de2d529b3f8d7082d648c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PssWalkMarkerRewind
BasepFreeAppCompatData
OpenJobObjectA
UTUnRegister
CreateJobObjectA
CloseHandle
MapViewOfFileExNuma
GetFirmwareEnvironmentVariableW
WerUnregisterAdditionalProcess
EnumTimeFormatsW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE