NEAS[.]b2554cae2b1a01f91977fd1e42694f50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b2554cae2b1a01f91977fd1e42694f50.exe
Size

119KB
MD5

b2554cae2b1a01f91977fd1e42694f50
SHA1

ea6528475c496f9ff0b4c8f8b983e3a69e5a38f6
SHA256

6edc7057311982c88e00691995859f62ef58386a9ae6d3da49de2fea3f5cec62
SHA512

ed9cc5d7d0af5be7d1a65469a8851788fb8b1ad7d3c23db5fed9170c0a84d7cbd1d4f8327c24956db2c331fca29363dcf0d9c06bd4d534153eedef03c2006eb3
SSDEEP

1536:CGufhSs80IIqiGOcZaJF0ICZMddlgI7nN4gut26yXdS7W82HFpzFzcREbsYEvqEZ:CGoos8/F9OPlb7m0gWPzcEbArZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b2554cae2b1a01f91977fd1e42694f50.exe

Files

NEAS.b2554cae2b1a01f91977fd1e42694f50.exe
.exe windows:4 windows x86

117eee35259ceefbe4e6c949cf95ab80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
QuirkIsEnabled2Worker
GetLogicalProcessorInformationEx
CreateFile2
CreateTapePartition
GetTickCount
InterlockedPushListSListEx
BasepGetComputerNameFromNtPath
_lread
OfferVirtualMemory

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE