NEAS[.]f809792a8b760b0302ad8c6f4b849040[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f809792a8b760b0302ad8c6f4b849040.exe
Size

119KB
MD5

f809792a8b760b0302ad8c6f4b849040
SHA1

3dc76366404071d54a02903b10173ae7e59472bb
SHA256

a8c07d22715c92af9ca498b78aa8f2f7a0af60fab2b9a2a2b04d6ecb8030420b
SHA512

a2bc7777cf3bde30b55b529a03444760c0282c3cc2ce97f93c8a73236a7687801bae3bb48e5b9f27ecb3ef68fad1437cff262a30513f122c26ab70bba50a258e
SSDEEP

3072:aN/NjeIihidKGnDNbBKVQ4Jbx3FeYnBLsFPpCT:g/Na1odzZB3El3XLbT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f809792a8b760b0302ad8c6f4b849040.exe

Files

NEAS.f809792a8b760b0302ad8c6f4b849040.exe
.exe windows:4 windows x86

fc1efabc946d0a1e821a62c94c2559c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WerRegisterFile
IdnToUnicode
GetApplicationUserModelId
RtlFillMemory
CreateBoundaryDescriptorA
WerUnregisterAdditionalProcess
RemoveVectoredContinueHandler
InitializeSListHead
EnumResourceNamesExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE