NEAS[.]d2c3211fbb56b1c0f1d479de6e2a32a0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d2c3211fbb56b1c0f1d479de6e2a32a0.exe
Size

119KB
MD5

d2c3211fbb56b1c0f1d479de6e2a32a0
SHA1

1298ff1152b2e0decbd77c4432020373989375a7
SHA256

b546e376fcdb302e917f0b8fa79ad5f3619552ab52ea4ab822cee8214788fab4
SHA512

1103577f31320fe074957da5f347afe4d031891fe0a3a62fb2462ec289296867e1835978baf821bde24b2fe1ce0ced6bba1f70252e782d011385ee4401c331f0
SSDEEP

3072:wz7+58fHO6y085IAiBrhnOCyVPlbdxxPGK+1Jo:w5H0950hnOCy3DxPnB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d2c3211fbb56b1c0f1d479de6e2a32a0.exe

Files

NEAS.d2c3211fbb56b1c0f1d479de6e2a32a0.exe
.exe windows:4 windows x86

6be0833b9dc388ba280e1a3ea3b80578

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateHardLinkTransactedA
GetComputerNameW
PackageFamilyNameFromId
WaitForDebugEvent
SetFirmwareEnvironmentVariableExA
SetMessageWaitingIndicator
LeaveCriticalSection
CreateActCtxA
ExpandEnvironmentStringsW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE