NEAS[.]b1bc84cb89d0cb583db595d23902ef50[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b1bc84cb89d0cb583db595d23902ef50.exe
Size

119KB
MD5

b1bc84cb89d0cb583db595d23902ef50
SHA1

711e3797c0c1a53510e1f5871804ff0ae2180ee2
SHA256

69f416469069325896111397caa7a5684fe3cdf86158821c8b427fab39f5d96a
SHA512

9f9f41983d2affa3f70f9cb57f9cf732a84fe9947a848c5ed00fe0ef2699fc3b8c16bd85b155316518e26b32028c52245d1e38bb5a70e1809531d2673d8c1705
SSDEEP

3072:dyT3mi9zMZhxMKaDiZMLncHF9NwdOMSrYc:dyJChF3eLcl9NwTSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b1bc84cb89d0cb583db595d23902ef50.exe

Files

NEAS.b1bc84cb89d0cb583db595d23902ef50.exe
.exe windows:4 windows x86

65273df7cf0ce1a2d7824b20b9069c04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStructA
AppPolicyGetWindowingModel
ReplacePartitionUnit
FindStringOrdinal
ReleaseSRWLockShared
TlsFree
ApplicationRecoveryFinished
GetDateFormatWWorker
RegDeleteKeyExA
CloseThreadpoolCleanupGroupMembers

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE