NEAS[.]1dbe0e22effce13ca7696bd97bbcfa20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1dbe0e22effce13ca7696bd97bbcfa20.exe
Size

119KB
MD5

1dbe0e22effce13ca7696bd97bbcfa20
SHA1

35a8d2a1e83d10d131cb6da8f965fe7b6c4a9f59
SHA256

89780f9405b36bb5b0e5b7932b19645705bc214985033c34fe998e6abc13ae53
SHA512

7bfdf3e6ca3e868b3e5c8dbb3e3a7a117b76fbd07be12f2956bc87087c6b8225153e826065575150a488865b6b618b27b540b7cd1e5e5c1782a0c73bfd4a59f3
SSDEEP

3072:+SwGN7jmRZQZnAaO8jtIHGpPix6FXHypBQ2sWg0hmq:B+Odt8GpKxUHynQ7Wthmq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1dbe0e22effce13ca7696bd97bbcfa20.exe

Files

NEAS.1dbe0e22effce13ca7696bd97bbcfa20.exe
.exe windows:4 windows x86

1b7a75a3a01d3092d24e772ae800ee5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputA
SuspendThread
GetNamedPipeServerSessionId
K32EnumPageFilesA
GetNamedPipeAttribute
RegisterWaitForInputIdle
IsNativeVhdBoot
EnumSystemLanguageGroupsA
LeaveCriticalSectionWhenCallbackReturns

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE