NEAS[.]6942c16ae69893f11f952ae849921f70[.]exe | Triage

Sharing

General

Target

NEAS.6942c16ae69893f11f952ae849921f70.exe
Size

119KB
MD5

6942c16ae69893f11f952ae849921f70
SHA1

f92d9a9b1f3abf9bd66f501b7509f56acf6d9357
SHA256

437dcf38751be45c7e03a55ed967c80e55961b45ed156c3d6c18e59a50d58954
SHA512

7e09a79366aceb6ffd1cd4cb5404a57d11c8e3ecbeead7db2b32511a20645c7ac4d1297330d301a431dc4aae671c7ea1384e18e140ebe31b1252409109fee9b1
SSDEEP

3072:4qQNR8hb1id8X2rGn8qAh08ZnJ2dtYAm0NYGlIeU:4qswb1isn8T08lMtnYQ3U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6942c16ae69893f11f952ae849921f70.exe

Files

NEAS.6942c16ae69893f11f952ae849921f70.exe
.exe windows:4 windows x86

a7e906916597a392ebbb46ae35f4d9b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFileExNuma
SearchPathA
RegCopyTreeW
GetThreadPreferredUILanguages
ActivateActCtx
RestoreLastError
EnumTimeFormatsA
BaseIsDosApplication
FindVolumeMountPointClose
InitOnceInitialize

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE