NEAS[.]2a167468d2debd0bf8d029261bb61eb0[.]exe | Triage

Sharing

General

Target

NEAS.2a167468d2debd0bf8d029261bb61eb0.exe
Size

119KB
MD5

2a167468d2debd0bf8d029261bb61eb0
SHA1

19627852cce039a206262f13d08077d603fe22ff
SHA256

47f23f461f5f5f3641b154dc7ffcbb3c404b234c0df7951d20bebbedb4b1985e
SHA512

9bb25f340b82b04305be24264982fae3d575b96a9af5095c252a8dc0728a9b2a43e863651ac25dfb13785dd4e2af91ec459602db55f854877e6a0b9d8e6ad7b1
SSDEEP

3072:yuQmZR2tYZ2+TCF/krNl/8V0I9ubTpWuLHqs99:yuQmf2GZZ2UI0oueE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2a167468d2debd0bf8d029261bb61eb0.exe

Files

NEAS.2a167468d2debd0bf8d029261bb61eb0.exe
.exe windows:4 windows x86

56ab5f71b42b048850f08ee53369f079

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExpandedNameA
GetCurrentConsoleFont
TermsrvSetValueKey
MapViewOfFileExNuma
CheckAllowDecryptedRemoteDestinationPolicy
ReleaseSRWLockExclusive
SetThreadpoolStackInformation
GetApplicationRestartSettings

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE