NEAS[.]3496f49369e38321437907a0fcd55d50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3496f49369e38321437907a0fcd55d50.exe
Size

66KB
MD5

3496f49369e38321437907a0fcd55d50
SHA1

4e7f7ccc93926e096a6d5aeb6f7773007aa743c9
SHA256

17e84b3e8692a0ab640c982d4eb92edfb5642ee9fe98149d1567140dba9cd266
SHA512

c3f8ed301c44cd3f96606a244549047f84ebc6bdf2929c8367b5898d1ce7a88de0ae40731dd3bb7a567abc09e4c5960671f1bf536902ea2595998bfe2eab7b7c
SSDEEP

1536:Gdt1lTKKCbYdd3w1uHGGr+dhMJ2W8+q4AWgm5qBGdb:GdvlHCbZGGGr+dhM/U1o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3496f49369e38321437907a0fcd55d50.exe

Files

NEAS.3496f49369e38321437907a0fcd55d50.exe
.exe windows:4 windows x86

bab8ec794ae14778de66a2193af978bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
RegisterConsoleIME
SetFileShortNameW
CreateProcessInternalA
GetNamedPipeHandleStateW
GetCommandLineW
GetCurrentThread
DuplicateConsoleHandle
GetCurrencyFormatA
WritePrivateProfileStructA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE