NEAS[.]31702026a7a5927ea84cc157eac23c00[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.31702026a7a5927ea84cc157eac23c00.exe
Size

119KB
MD5

31702026a7a5927ea84cc157eac23c00
SHA1

6090a2868c68120d5643fd04bde146378544d957
SHA256

1c5446b74afe6abe2707de84f2485a51ff55830d587e24edca156516a289988f
SHA512

23551ec4e4f7c10fde0eac527893067321806b8b836682e9298c63f6fd75aeeb1df3a3aadd3214ea6d740b0d3c89c088d38b3a9e635e3427c7fa53c00e2fa9ff
SSDEEP

3072:59PTZfRWt9lxTMvnRNIMqZ/4JVekA6kudhFPJl2imvXWboyo:jFY9lxGInZ/4JS6kudhEiUWboyo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.31702026a7a5927ea84cc157eac23c00.exe

Files

NEAS.31702026a7a5927ea84cc157eac23c00.exe
.exe windows:4 windows x86

084c512234f7acc513c6d8c7ad3fa43d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFirmwareEnvironmentVariableA
TrySubmitThreadpoolCallback
DeactivateActCtxWorker
BasepAnsiStringToDynamicUnicodeString
RegQueryValueExA
ReadConsoleInputW
PrivMoveFileIdentityW
SortCloseHandle
CreateDirectoryW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE