NEAS[.]3af14d1c32550d3865e61c2f5e004050[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3af14d1c32550d3865e61c2f5e004050.exe
Size

119KB
MD5

3af14d1c32550d3865e61c2f5e004050
SHA1

b420662c7c6357d91082ab609934a05a4d110039
SHA256

f439567295c896dcdeefcc6bed256d6e83fff0e6e2af2ff2d63e463ec0d43f01
SHA512

437a0c781d0381aa5466a07e7841569279e9e3c40757be8994af976a186e69d29a0344df47357dc253dc7c594f51392f74d32b48b6523bbdcdaa74c3346a257c
SSDEEP

3072:Dss7dhQHhkSLa9edSLddXpC7+so09yvy4:Qs7vQHGSm9eURdXpC6sF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3af14d1c32550d3865e61c2f5e004050.exe

Files

NEAS.3af14d1c32550d3865e61c2f5e004050.exe
.exe windows:4 windows x86

cc437afeaff55468cdbfb14e3e3143ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CheckTokenMembershipEx
BasepAllocateActivationContextActivationBlock
IsBadReadPtr
LZInit
K32GetWsChangesEx
RegSetValueExW
SearchPathW
K32QueryWorkingSet
PssWalkSnapshot
GetSystemInfo
WaitForDebugEventEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE