NEAS[.]NEASb699be0976128e666bf83d112582c110exe[.]exe | Triage

Sharing

General

Target

NEAS.NEASb699be0976128e666bf83d112582c110exe.exe
Size

119KB
MD5

b699be0976128e666bf83d112582c110
SHA1

7fa1b4d6dc677c5b14ca330085718b6fe40f1148
SHA256

4efbe6e535794fe4e6c634818c44f27db0165af610c00173708d000ef12e2696
SHA512

7137e95c9cd62ce1497f221f600af25ff6ab98f738849f1e5ad13005b9611550ce79adb28738c29bfe63735cdd7ecb845ca308b382e38c894191d494129beee7
SSDEEP

3072:EGP1LnbE7cAeK+Sho2/JmEC/aH91RMMJqYtK9e+8YBSUQ9:bP14px1/Jmp0LqM4YtK9e+XBPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.NEASb699be0976128e666bf83d112582c110exe.exe

Files

NEAS.NEASb699be0976128e666bf83d112582c110exe.exe
.exe windows:4 windows x86

6206afa2d687b86a07db07b4ef20eff7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindActCtxSectionGuid
FlushInstructionCache
CloseThreadpoolWork
RegEnumValueA
MoveFileWithProgressA
CloseProfileUserMapping
TransactNamedPipe
SetProcessWorkingSetSize
ZombifyActCtx
TermsrvDeleteKey

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE