NEAS[.]5f16d49069fb02ac6a161ae2eda13e60[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5f16d49069fb02ac6a161ae2eda13e60.exe
Size

119KB
MD5

5f16d49069fb02ac6a161ae2eda13e60
SHA1

b2729b145f94ef76a88d2b2d22422ebc5ba1e917
SHA256

17d84584a6058bd0704a9df53ab2e3d719bf164da6be871e08d7f0307494b4b0
SHA512

0efd55ac7b40fac32de3f107b0800551e48ff36aed61f4629112e1f87e6550028d32815801d0e5adf8f2e33e1079f41a1c1f0994fb075a4e471b5a6d289054f5
SSDEEP

1536:ByY0ce2pMZJb3miRhjjf5RaCrUrmuuVOGGYHByCeW+kRXlzE4b39oQwKW2hC:0YheXr3mi3jjfzaDr0yvkRX64D9oQnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5f16d49069fb02ac6a161ae2eda13e60.exe

Files

NEAS.5f16d49069fb02ac6a161ae2eda13e60.exe
.exe windows:4 windows x86

31ac5871f47c1e0e6d36e2944f7788a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProfileUserMapping
GetFileAttributesA
GetConsoleAliasesW
IdnToNameprepUnicode
GetCPInfoExW
InitializeSRWLock
FindNextVolumeMountPointA
ResolveDelayLoadsFromDll
InitOnceInitialize
GetPackageInfo

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE