NEAS[.]056b80c8a78dd3a39bbe6d9bb3684a60[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.056b80c8a78dd3a39bbe6d9bb3684a60.exe
Size

119KB
MD5

056b80c8a78dd3a39bbe6d9bb3684a60
SHA1

907111a7340751df61d1119572824acac9ef762d
SHA256

317131ede486bd3b30050bba29e1bf5d8cc126fea32e25d95e57f721687de725
SHA512

3fb0fe6629ca48d45de89763d1d2a020694fcb41c5d6b1e725be764546bbd48e7f9e6016cd75a232b49f4e9029cd8c9a86f223e2280c59aefe9a1352854b9280
SSDEEP

1536:5rgmqscCTKPr07rLqT9GcgEYtlnSHrSzHrzpjVrs2ryrd1vUQuqSSqK5tnCvv:SmECmPsLqUcTYtlnSoHHs2qxnC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.056b80c8a78dd3a39bbe6d9bb3684a60.exe

Files

NEAS.056b80c8a78dd3a39bbe6d9bb3684a60.exe
.exe windows:4 windows x86

7efdb53de9d22b943107d2af44d90c8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFileGather
GlobalAddAtomA
FindAtomW
WaitForDebugEvent
PeekConsoleInputA
SetMailslotInfo
GetSystemWow64DirectoryA
FindFirstVolumeMountPointA
WaitForSingleObject
RemoveDirectoryW
VerSetConditionMask

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 63KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE