NEAS[.]856c9bc287e3e61783ca2177bc2456d0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.856c9bc287e3e61783ca2177bc2456d0.exe
Size

119KB
MD5

856c9bc287e3e61783ca2177bc2456d0
SHA1

0f2c4c63f86df7e62a503aa274e2dca2a63cf503
SHA256

0c8ef7dcf46c9ba2fcc2f9e35b725087a2e2be352f2970f8ec6844dce6ef8910
SHA512

ea27c9809307ad2dbe34bf2c45c48cb96b55a78ff368a5ae452eb98804ac01869196b981594fbec5cdaa4315fd3804f3662612e2fbfdef25cf1b923fc31e5806
SSDEEP

3072:JwGffb0z6nRyKfTo7aIT6XZWImPwn5nKn3P/RiPLCgFW:JwGbKKfT6aIT6XZWIn5nKn3P2dFW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.856c9bc287e3e61783ca2177bc2456d0.exe

Files

NEAS.856c9bc287e3e61783ca2177bc2456d0.exe
.exe windows:4 windows x86

09139a94ddca456af112ddde0eedd756

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Wow64SuspendThread
CreateProcessAsUserA
SetProcessInformation
LoadLibraryA
FindAtomA
AddLocalAlternateComputerNameA
SetFirmwareEnvironmentVariableW
GetPrivateProfileSectionNamesW
WerRegisterRuntimeExceptionModuleWorker

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE