NEAS[.]e112adfd8f529a21036651a1733c6070[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e112adfd8f529a21036651a1733c6070.exe
Size

119KB
MD5

e112adfd8f529a21036651a1733c6070
SHA1

606be4cf2368b50e641267525a24f8e8a59e432f
SHA256

3b9fb73cf000f46bd1353c1e13050ac56b1b4aa0201c44c2d420f1f73716fc88
SHA512

4610f75d9a46f09b1d4c03303a336139d13391d9b057ca2f0f2c09f6747bc499731385f72a1aa84bd684ace14eed887a6f64e22a669e39b0e23f78976fa474b1
SSDEEP

3072:iKnG3lvUtgLeTwZO9nwM+kK1BelNo8TaTQvs7I2ro:ixuttUO9nwEKrANo8T84+fM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e112adfd8f529a21036651a1733c6070.exe

Files

NEAS.e112adfd8f529a21036651a1733c6070.exe
.exe windows:4 windows x86 arch:x86

c7fd14a6f1f5729fb370f110f9d4e613

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
BasepGetComputerNameFromNtPath
FindNextVolumeW
EnumSystemLanguageGroupsW
RegCreateKeyExW
DnsHostnameToComputerNameExW
BeginUpdateResourceW
SetVolumeMountPointA
ConvertDefaultLocale

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE