NEAS[.]95b185654b29c9e818e7c116d8b94d80[.]exe | Triage

Sharing

General

Target

NEAS.95b185654b29c9e818e7c116d8b94d80.exe
Size

119KB
MD5

95b185654b29c9e818e7c116d8b94d80
SHA1

f11d23e84e7247117153a435165ad0aa0e61f980
SHA256

ff2a17265326137adef3b069ca6a328b8b2131d528f4b27b89a24ecd3f96834b
SHA512

f1d3bb67b5e4103f4e9c2596305691ba65181800688c7ba4d0ce050dc9f2e7f53a409396ea3d35e32e3d7e402d8163369c56b2894d51cab431dfe58e756eb62d
SSDEEP

3072:28lZJ6vLFxqe8sYjcBO90aElAaO02zWcLxdHUzA:2MZcRxqQYjcBO90aunOrzWYdcA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.95b185654b29c9e818e7c116d8b94d80.exe

Files

NEAS.95b185654b29c9e818e7c116d8b94d80.exe
.exe windows:4 windows x86

077aa40f3c412fc352d5c2b47d75d358

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlsAlloc
NeedCurrentDirectoryForExePathW
CheckElevation
CancelDeviceWakeupRequest
CreateMemoryResourceNotification
GetFirmwareEnvironmentVariableExA
SleepEx
MapUserPhysicalPagesScatter
AddScopedPolicyIDAce

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE