NEAS[.]f2b6e4cfd976fd16d1f4de245691f7f0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f2b6e4cfd976fd16d1f4de245691f7f0.exe
Size

119KB
MD5

f2b6e4cfd976fd16d1f4de245691f7f0
SHA1

dfd8241a92477d718728a13fc13519a70fb9627a
SHA256

a7466add3d09fa6758b31bf0c06c5bd7ebe8144369fac06340950484fcd866d1
SHA512

d3df1e6a679ceb65eb3aef91a0feacdddd8695dfb4d11071b60f35f62326054ea4b094bccd302a32cd0509b642efdb5437633497ae406a6e05366ad95abcc99f
SSDEEP

3072:ptaBHuEG6BfSNYMaBMPqV8BMX0Uoo29oGXSva2F81bk44:G/K8kjokP1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f2b6e4cfd976fd16d1f4de245691f7f0.exe

Files

NEAS.f2b6e4cfd976fd16d1f4de245691f7f0.exe
.exe windows:4 windows x86 arch:x86

3f71b7fa8159c1df5e33cd160ab5a8fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetApplicationUserModelId
_hread
CheckElevation
GetCurrentProcessorNumberEx
GetNumaNodeProcessorMaskEx
CreateSymbolicLinkTransactedW
EnumResourceNamesExW
GetProcessHeaps
_lwrite
GetNumaProximityNodeEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE