NEAS[.]3603be7968ef6004a25c43dcfc421840[.]exe | Triage

Sharing

General

Target

NEAS.3603be7968ef6004a25c43dcfc421840.exe
Size

119KB
MD5

3603be7968ef6004a25c43dcfc421840
SHA1

959e965d635ed4b84b3257881d761789c6c224ef
SHA256

12daff31a238ff0a3e1b6e637231b8d8bed2d206954efde9d0179df617293f0d
SHA512

90558d69e0c7e43ed305d84f9916aed37e83dc2940f2ded88247e118a39ee1fb308d26b95ff47246d38e7a0614e0b1cb26e426ddfe638d2ee30fbed4ba3b8993
SSDEEP

3072:gPdX45uwQuMniYeSmr68Q2RO9noFAj27EiyG:4dmplMtmeX2RIiX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3603be7968ef6004a25c43dcfc421840.exe

Files

NEAS.3603be7968ef6004a25c43dcfc421840.exe
.exe windows:4 windows x86 arch:x86

27c6483af4e5effa1b631d347179e872

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalCompact
SetFirmwareEnvironmentVariableA
RaiseInvalid16BitExeError
GetCurrentPackageFamilyName
GetConsoleCommandHistoryLengthW
LocalFree
BasepReleaseAppXContext
IsWow64Process
TerminateJobObject

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE