NEAS[.]c6e61eaa8619dd472ab92dc8ce4f1890[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c6e61eaa8619dd472ab92dc8ce4f1890.exe
Size

119KB
MD5

c6e61eaa8619dd472ab92dc8ce4f1890
SHA1

edd0edf630d8e94f03ce9e45cb73be4ac64b4f9a
SHA256

eb5a82d3d8330ca7fc24884f2c186e979082f9e7a5b28a1eae866d41d76b3039
SHA512

e88cf40f3392820172c3bc2dc8cc8d44c43bf503dee3c7eb5c1e0aa7749f1ce5775758923e33c6e68e36e3f58cde55841f5a4a788ab9e530e991702a5f8fafd1
SSDEEP

3072:WZRh1IYkhuUUjlMQTVIjGSwj6Oxn7dH71WE:MRheM15L5IjYj6En5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c6e61eaa8619dd472ab92dc8ce4f1890.exe

Files

NEAS.c6e61eaa8619dd472ab92dc8ce4f1890.exe
.exe windows:4 windows x86

c7f4c933fd3ac5d5dfc98f12de4a0e90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RegUnLoadKeyA
RegCopyTreeW
GetConsoleAliasesLengthA
BasepQueryModuleChpeSettings
PostQueuedCompletionStatus
CompareCalendarDates
Module32Next
InterlockedCompareExchange64
DeleteFileTransactedW
CreateActCtxW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE