NEAS[.]28b43533c573beff8cb6206f2fd5e2d0[.]exe | Triage

Sharing

General

Target

NEAS.28b43533c573beff8cb6206f2fd5e2d0.exe
Size

119KB
MD5

28b43533c573beff8cb6206f2fd5e2d0
SHA1

6d9b0ce42ea300c2538f0da3ed88b5b37bec3fe3
SHA256

d45f6590a66b307dbe94d425cf98d26ec47132691afa54b4c942a67c9c40f7fd
SHA512

c7d72a087367cbbcd681456ffd0e472de5a3c1d0ef9ac8032c587d29325e38fc40d2d1e1dc4a3974c50c37a092dfe4c71f6d13223669855d801fea03b87e02b4
SSDEEP

3072:yDG0KXXzCyZ68Ulyhg7gseuNpzz/jwZi+1q7BFT8o:2GB2ymly4giT//2Tq918o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.28b43533c573beff8cb6206f2fd5e2d0.exe

Files

NEAS.28b43533c573beff8cb6206f2fd5e2d0.exe
.exe windows:4 windows x86

8bec601dafe60ff96a942db545421a2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformationForYear
GetCurrentDirectoryA
GetPriorityClass
GetVolumePathNamesForVolumeNameA
WriteConsoleInputVDMW
DisassociateCurrentThreadFromCallback
SetSearchPathMode
CloseState
RegGetValueW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE