NEAS[.]baaa58c27dd90c3cb8da32da6825ae90[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.baaa58c27dd90c3cb8da32da6825ae90.exe
Size

119KB
MD5

baaa58c27dd90c3cb8da32da6825ae90
SHA1

2384acfc457f2013c90a13a27ca07ec0712d1d26
SHA256

e9f1e28a996f55d538720c02ec584ca3bf78a5607d1b10f8d7ef5b2f8ba7f15e
SHA512

c1305db176d59c824d7351c6231e8f9a8a5d5c213975e2a06fdb35759f20cbaed656e019c8f5ff0ec616450fb5ed9784cdde1167d4d4badba9a5385f010d5f9e
SSDEEP

3072:STHiJHSkivqoml8JlzgAt7ns59LaIkssn5AOACnJIvpq+X+os2CN1zf:PTivfmszgAZns59+KsaOA2Jepq+XY2CL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.baaa58c27dd90c3cb8da32da6825ae90.exe

Files

NEAS.baaa58c27dd90c3cb8da32da6825ae90.exe
.exe windows:4 windows x86 arch:x86

5b5e29c433a4c82629cb7a022775f418

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessAsUserW
GetConsoleInputExeNameW
Wow64SuspendThread
OpenWaitableTimerW
GetPackagePathByFullName
CreateToolhelp32Snapshot
DeactivateActCtxWorker
GetConsoleHistoryInfo
PssWalkMarkerFree

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE