NEAS[.]41e33caaa8d7c3f56ad9fa6f7abbf6d0[.]exe | Triage

Sharing

General

Target

NEAS.41e33caaa8d7c3f56ad9fa6f7abbf6d0.exe
Size

119KB
MD5

41e33caaa8d7c3f56ad9fa6f7abbf6d0
SHA1

1fcd3048267dddbb142d05c3f1cfdfdb1f741ee3
SHA256

4cbd9782e6a06fd83f240f74e232fe4cfa20c73710eec6e382383920eae8cffd
SHA512

ff08d808bfa74a77c51e634e1721452fe7061faa982ced44f16c9e9570a331e0262af065c1a425a4eef4fa31f3e24caabfc16140f5df7c6b4d004d99938e358f
SSDEEP

3072:6D4l0HiADifPtrLtHblm1Tg7EFkAdshGinjlErt1Htx9ko96479:Ai0ZiVLdbwtg7Jatp9k2p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.41e33caaa8d7c3f56ad9fa6f7abbf6d0.exe

Files

NEAS.41e33caaa8d7c3f56ad9fa6f7abbf6d0.exe
.exe windows:4 windows x86

b23742b34d3c8a0ea614ad2b4cd95f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QuirkGetDataWorker
PssWalkMarkerTell
GetProcessTimes
IsWow64Process
lstrlen
GlobalFindAtomW
K32GetDeviceDriverFileNameA
RegisterWaitForSingleObject
UnregisterWaitEx
GetNumaNodeProcessorMaskEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE