NEAS[.]36851ded532d2374b87901009b003930[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.36851ded532d2374b87901009b003930.exe
Size

119KB
MD5

36851ded532d2374b87901009b003930
SHA1

07d8c2ce91c21c0dd769e8a5f24f9ec070a08d8a
SHA256

2e2d8d20a025f5daae80b94999fc72681af78298402269f1810f703f7e01a364
SHA512

98d5d7829be9d29fea0aa068acf6d1665237899dcfcbaaaf28e01864978732bd71a2c5a19e0a1b793401ca001269a2e0f93520b3fc282031dfdee78440227be6
SSDEEP

3072:RbQPJfNwyr1HfBeNu35V85+tz6xi7ELKWshQ6fIP4yg86:sFlr1/BeNu3XW+F6c7EDZ6fIgyK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.36851ded532d2374b87901009b003930.exe

Files

NEAS.36851ded532d2374b87901009b003930.exe
.exe windows:4 windows x86

d346711cce7ecf0daea81c54d8795179

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DnsHostnameToComputerNameW
lstrcat
SetCommMask
GetVolumePathNamesForVolumeNameW
GetProductInfo
UnlockFile
HeapCompact
FindNextVolumeMountPointW
GetPackageApplicationIds
RegRestoreKeyA
CancelSynchronousIo

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE