NEAS[.]28786557b0034d7328da83c55087bb10[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.28786557b0034d7328da83c55087bb10.exe
Size

119KB
MD5

28786557b0034d7328da83c55087bb10
SHA1

ab700e3b458968ed48ef5a4b471a5c24760c7260
SHA256

3b44045f7be69c25c59c83c88903cac851602f66075408668381c8b0857e9868
SHA512

e6778cab01a04a6ad38e0bea4e03e6614224fcce0aef569f9b50a8ba40c748c77dd91ebceb032198a0eebe9cbf0a5378cb9d3ee4659962ee8ff99522a39d70c8
SSDEEP

3072:BJyuJrGS3FOrxKi6KraL+/sFsF3fk04U2rj/auq8jpcEm:fyuGyOroSrZkF23t4zrjPpcEm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.28786557b0034d7328da83c55087bb10.exe

Files

NEAS.28786557b0034d7328da83c55087bb10.exe
.exe windows:4 windows x86

cac594e8ec1979bdf71335ef4e1c10af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextVolumeA
ReadThreadProfilingData
GetNLSVersionEx
BasepAppXExtension
GetTempFileNameW
QuirkIsEnabled2Worker
QueryInformationJobObject
ZombifyActCtxWorker
GetEnvironmentVariableA
FreeMemoryJobObject

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE