NEAS[.]bc1fd3039bd1a5d475025826645bfd40[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bc1fd3039bd1a5d475025826645bfd40.exe
Size

119KB
MD5

bc1fd3039bd1a5d475025826645bfd40
SHA1

87946bbcdfbabb6ba283b67c6e260967d1d8a58c
SHA256

2bd27246231c8ac421844cc182571fbd1854d36b55ea3ec060983d9f501bdeb8
SHA512

5117bd6ee7edcda28f4cfef193eee07482f3ae6f16404ded8e49e9d75656a37b1aba28708e1298209945d8b6da066caa49cef891d2cd4024a5c015d57c7fab7c
SSDEEP

3072:EzXt2hq6I+3EDBraU49OMZuXqNIaF+2XQYhj+V2SbJ8:CXkYn+3yBeU43ZuMIaUQxh+0SbJ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bc1fd3039bd1a5d475025826645bfd40.exe

Files

NEAS.bc1fd3039bd1a5d475025826645bfd40.exe
.exe windows:4 windows x86

3d5084100e7fe6ca1c0c2ff09bb11c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleKeyboardLayoutNameW
QueryDepthSList
TermsrvSyncUserIniFileExt
InitializeCriticalSectionEx
OpenThread
RegisterWaitUntilOOBECompleted
WaitForDebugEventEx
InterlockedFlushSList
SetThreadToken

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE