NEAS[.]63a7d64ce045c96d7d4786c13fb664c0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.63a7d64ce045c96d7d4786c13fb664c0.exe
Size

119KB
MD5

63a7d64ce045c96d7d4786c13fb664c0
SHA1

5071b89e560b27fa92fe487bc3c698592459fcda
SHA256

da64988737541c5abdef32a010559165db814a1886ff18236fd8ae4f1c2c8874
SHA512

177d5114422136b602d569b2b8907750f180b0a9d7d9300dd260897189e474422989d879d1058f6b94d3b0463e8a51073ae3dc5f67ac5a265c40fecd25e93e52
SSDEEP

3072:QbDtgSPlmOR2ddqpZJ2MxEiqGv54br/3HAgxehfqjd:QftgSPWqJFxjqAyvHjjd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.63a7d64ce045c96d7d4786c13fb664c0.exe

Files

NEAS.63a7d64ce045c96d7d4786c13fb664c0.exe
.exe windows:4 windows x86

77b21b0333c95438bb795b9bc1e63edc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsSystemResumeAutomatic
DuplicateConsoleHandle
BasepCheckWinSaferRestrictions
RemoveVectoredExceptionHandler
IsNativeVhdBoot
RegisterWaitForSingleObject
RtlCaptureStackBackTrace
NormalizeString
GetApplicationRecoveryCallbackWorker

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE