NEAS[.]2784cdecba16d637c64b35bdd66b3e80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2784cdecba16d637c64b35bdd66b3e80.exe
Size

119KB
MD5

2784cdecba16d637c64b35bdd66b3e80
SHA1

781349a1baf3f107c561d1cb4ea9e25b4a591cf0
SHA256

e62ec80b600ff68b8e3107197459d02944baf28699f51df6ca61ec2329b3300c
SHA512

f2906f9f3a80e2f39ebb8b166d711ee829b9258a240f1fd43c7f94b3edc66e82954b1c229fcc5c1e85f57857299b825b19d17a49d5fed0ebb247dedef3db7ad2
SSDEEP

3072:5aGL+pX8xCWl8GWynkgzvF3kQ/ouKBArfKLr/1kNoAREBW:OZWlhkIaiqefKPdkNo5BW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2784cdecba16d637c64b35bdd66b3e80.exe

Files

NEAS.2784cdecba16d637c64b35bdd66b3e80.exe
.exe windows:4 windows x86 arch:x86

dd1bacf027b4dc3b4993eaf831fec65b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProfileSectionA
GetConsoleOriginalTitleA
QueryDosDeviceA
GetStagedPackagePathByFullName
CreateActCtxW
Thread32Next
RegUnLoadKeyW
FindFirstVolumeMountPointW
TermsrvSetKeySecurity
BasepInitAppCompatData

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE