NEAS[.]75116f6c49b83ff8181a0e8713c9a990[.]exe | Triage

Sharing

General

Target

NEAS.75116f6c49b83ff8181a0e8713c9a990.exe
Size

119KB
MD5

75116f6c49b83ff8181a0e8713c9a990
SHA1

895fd3db732927108e65ac0805c3c6a428fae3cb
SHA256

d6416351347b49e9ed89a0af6f6aadf4198fc356de61f2b3b6865c5e92f66e60
SHA512

3f3e73ffe11736a67f729751decfe36bfba64db45b33fa63b8a4db05bc2b159c765421a78f09a41e69c0d399083332297ca0985ba57f5bd71625b2b038e65a52
SSDEEP

3072:jkQI/Ast3uCFbZBP/6RKFyI/PaXpmhaEIQbZZPOBxgBxfL:jkb/BtT/PLy6Pa3yZZPOB6bfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.75116f6c49b83ff8181a0e8713c9a990.exe

Files

NEAS.75116f6c49b83ff8181a0e8713c9a990.exe
.exe windows:4 windows x86

ec78f43232fbb7240e204b3b3309b1d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileTransactedW
IsWow64Process2
AddRefActCtxWorker
RegCreateKeyExW
FindFirstFileExA
CreateTapePartition
GetPrivateProfileIntW
InterlockedDecrement
IsBadReadPtr
ClearCommError
GetSystemDirectoryW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE