NEAS[.]d7a6415958ef19bc4e84ec346d357b40[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d7a6415958ef19bc4e84ec346d357b40.exe
Size

119KB
MD5

d7a6415958ef19bc4e84ec346d357b40
SHA1

a4b0088863d7c3786f0f8d0b6daadaeeab2d5816
SHA256

a3dc4080b54c5ca027d13aa0d973301ac21fa649ba4625964bdc91947d6f129b
SHA512

2607135ba120cec8ed01efc4f1193fbfaf4436047aff497d2dcd695189c573684d1a55bf9e84823572b73b435a0f646e745dfc9107c5e04d09db1fe32cf584d0
SSDEEP

3072:AiggffXFYXJQcSJlgq7bsvJ0Caat74WY3mJTsfk:B9KJQz7YRpa2/YATsfk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d7a6415958ef19bc4e84ec346d357b40.exe

Files

NEAS.d7a6415958ef19bc4e84ec346d357b40.exe
.exe windows:4 windows x86

01942f4252c8b1a2642dd62e734b69d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AppPolicyGetLifecycleManagement
GlobalAddAtomW
WerUnregisterFile
CreateEnclave
GetCalendarInfoEx
LocalUnlock
RegQueryInfoKeyW
SetCommMask
DuplicateEncryptionInfoFileExt
Process32FirstW
K32GetModuleFileNameExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE