NEAS[.]781a24845ac72fb3451bacd83e93ef10[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.781a24845ac72fb3451bacd83e93ef10.exe
Size

119KB
MD5

781a24845ac72fb3451bacd83e93ef10
SHA1

64973dbcde2ee73072bff383fb8f174c5d37b2a0
SHA256

78953b3352e09785d96041421f88ac2b8e5bb70066fa196bcaece2a511ea2e62
SHA512

2c6b10e7efb5e05b1931839875368ed37988b81bc8cf3eee31000686f825bce276d98fccb17d88b85cb61d80189789535224b5e05f308bdd8ab24405e8738269
SSDEEP

3072:7UwExKqGQzh3CaClqQf/XHV0lsiYrBb46y+kAVZZqbPY4:3EEud3dClqQfN0NEBb4Wkq7q84

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.781a24845ac72fb3451bacd83e93ef10.exe

Files

NEAS.781a24845ac72fb3451bacd83e93ef10.exe
.exe windows:4 windows x86

503a13c7df0b8eb5dc05006a5cf36584

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Wow64GetThreadContext
WaitForThreadpoolTimerCallbacks
ClearCommBreak
GetNLSVersion
DisableThreadProfiling
RegRestoreKeyA
WTSGetActiveConsoleSessionId
CheckElevationEnabled
SetPriorityClass
SetThreadpoolWait

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE