NEAS[.]00c9fd4b65aa4a4146ae953b6df3fdb0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.00c9fd4b65aa4a4146ae953b6df3fdb0.exe
Size

830KB
MD5

00c9fd4b65aa4a4146ae953b6df3fdb0
SHA1

b29e4a23e418160326c8d6545858628821d11cbb
SHA256

b4a8770f54641f54bdc38a3f0af1a8d4111e1384b03ec7d8cba20998e3232ff8
SHA512

af920e4c33bc5fbd277183ef3659e8f5324704af53e3ef6afe3b2f74db4ffdbdaa5e46adac638696f2576f7b40321746adfe12e12aef9dd60a6e7d37e62b9475
SSDEEP

24576:dNRVGQLJlkxdd8DGEa2SxxPnQuFx4Dz2raR:dBLJWSvS7/QZz2raR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.00c9fd4b65aa4a4146ae953b6df3fdb0.exe

Files

NEAS.00c9fd4b65aa4a4146ae953b6df3fdb0.exe
.exe windows:4 windows x86

d0999311852a7009dbde6d974645daef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleTitleW
GetCurrentProcess
CreateSemaphoreW
GetCommandLineA
LeaveCriticalSection
EnumResourceNamesA
WaitForSingleObject
FindNextFileW
SetEvent
MoveFileExA
EnumCalendarInfoA
CompareStringA
GetLocaleInfoW
GetTickCount
GetDiskFreeSpaceA
HeapCreate
GetModuleHandleA

gpedit

ImportRSoPData
BrowseForGPO
DeleteGPOLink
CreateGPOLink

Sections

.text2
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IDATA
Size: 813KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ