NEAS[.]11d4be6b2299d817587aecc26d47d0b0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.11d4be6b2299d817587aecc26d47d0b0.exe
Size

119KB
MD5

11d4be6b2299d817587aecc26d47d0b0
SHA1

4bc998306d7728668a452aaace93f01ecee03df4
SHA256

a443a169382552249bfcb0ae820cb6fc4b863027188e284b337183b936d9a1b7
SHA512

60983a372bf34e0ea423f7f184961007e9b2b8a41afc715f51104522ffa457efdb816a08ea55a7ba5ec9112480088c6f52f035f3a981ff868e91dbf998b28105
SSDEEP

3072:HEdVC1+C6GxvEOhpS9fciPCJvWxHBuLVEca5:CC1J6SCBCJv8IKca5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.11d4be6b2299d817587aecc26d47d0b0.exe

Files

NEAS.11d4be6b2299d817587aecc26d47d0b0.exe
.exe windows:4 windows x86

7e0198233e016f8dc4dd3f83b852c5f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteTimerQueue
GetConsoleAliasesW
GetPrivateProfileIntW
GetTempFileNameA
RegCreateKeyExW
_lcreat
QueryUnbiasedInterruptTime
SetConsoleDisplayMode
K32QueryWorkingSet
GetNumaProximityNode
FlsFree

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE