NEAS[.]91341ea75125cf85595fafd2dbfc9cb0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.91341ea75125cf85595fafd2dbfc9cb0.exe
Size

119KB
MD5

91341ea75125cf85595fafd2dbfc9cb0
SHA1

9f2fa18676023b9f6054d9baa16f350b41e7b2dd
SHA256

63e7e66c6c6aac436d42e63e3a7c8042c8a545ab49ebdebd749bbbd23ee07be8
SHA512

56939d06d93ab22a3de2c4e363d7c05ef84aa4ba21ee463e0ec3923c6c897eb04e1beb5c749c0c5563be9764680373653c9d106d1b277dd2e95d7d1e026cf7c5
SSDEEP

3072:l4DrsdQi5MdxIBQWhgtm1bfB9lmU8/bEaCljejfDY:lHQi37bfU/oaCNh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.91341ea75125cf85595fafd2dbfc9cb0.exe

Files

NEAS.91341ea75125cf85595fafd2dbfc9cb0.exe
.exe windows:4 windows x86

ba3099ff4905bb8d4b4a34271be46966

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PrivMoveFileIdentityW
GetPrivateProfileStructA
TlsAlloc
QuirkIsEnabledForPackageWorker
CreateMutexExW
GetPrivateProfileSectionW
DiscardVirtualMemory
GetProcessHandleCount
InterlockedDecrement
InterlockedPushEntrySList

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE