NEAS[.]c3443033a5905c5399a98efd14e7ac50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c3443033a5905c5399a98efd14e7ac50.exe
Size

119KB
MD5

c3443033a5905c5399a98efd14e7ac50
SHA1

d1c4d997d50107f8b551e1f7d4725da7f6f29f76
SHA256

3654629307494554ec0ae350c85df280e9beccbd4e928dd7cfeee6aff2b409ce
SHA512

b84b3f0ad82ab9c915c1b325f114f27f026dad4a9a5526802379660b5dc5213a69ad1ff2e59e575c88b26abcec4d44f5e6cdccb681e3a059589663ebbe08beab
SSDEEP

3072:CVuTv2wBfoIT3azecjojQYebhp7iYVJ0I:GurBBfo0aKcjojQjbhfVN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c3443033a5905c5399a98efd14e7ac50.exe

Files

NEAS.c3443033a5905c5399a98efd14e7ac50.exe
.exe windows:4 windows x86

f698d35fe070ee399063d4edd9dcfd5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateJobSet
FindFirstFileA
BasepCheckAppCompat
PackageNameAndPublisherIdFromFamilyName
LocalReAlloc
GetTempFileNameW
InterlockedPopEntrySList
K32EnumDeviceDrivers
CreateDirectoryExW
UpdateProcThreadAttribute

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE