NEAS[.]54edc645bce9df0a0872880c9ba86c30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.54edc645bce9df0a0872880c9ba86c30.exe
Size

119KB
MD5

54edc645bce9df0a0872880c9ba86c30
SHA1

761296590a41c0eb4ff5f0fcad85dfc599e9aae4
SHA256

a3cd544874b4b08c609155ec181de6d989c07aecfcf87304c29fee2dcacc9c12
SHA512

6d1bf44de3c9f0d485e34a9964c9d69df13ac2c192190b2ce395c1d09890dc79ec7198a56bb6aa32900c16fcca5d343497cd9ed400b13582ef36fefc783b7495
SSDEEP

3072:B9pOOFM/sPJFIsNcgskOixRhN2DSSymTu2XbJKGeKgC2B:fC0PRcgsyxADhSubJKGeG+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.54edc645bce9df0a0872880c9ba86c30.exe

Files

NEAS.54edc645bce9df0a0872880c9ba86c30.exe
.exe windows:4 windows x86

88b1dc2c6f51ed548e819e305735230d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetMaximumProcessorGroupCount
UpdateCalendarDayOfWeek
EnterSynchronizationBarrier
WerRegisterExcludedMemoryBlock
GetProcessWorkingSetSizeEx
SwitchToThread
GetProcessId
GetProfileStringA
RtlCaptureStackBackTrace

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE