NEAS[.]9e6ff48def76f1a064c820c45cf3fcd0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9e6ff48def76f1a064c820c45cf3fcd0.exe
Size

119KB
MD5

9e6ff48def76f1a064c820c45cf3fcd0
SHA1

6180c5708f2b57c9d65b4a42be839b91dcac1aea
SHA256

8d2a80373be5325cc02dba176e43a309ade9ec9ba4d4e1a2437b58df53bae193
SHA512

110e5e08e1a0b7e0f990983626ce28978bf26af44099fa41637890240ba21e28608a50ea8783fe6e72368732f04d8a8b5e140a4c58495ef7767e9fd9981414e6
SSDEEP

3072:ZrIPnG/Rpyh0+nG9BC2Bq4WlgOhruOZpFbEUpBi+dD:0WRpyU9BL/WlVFIUp/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9e6ff48def76f1a064c820c45cf3fcd0.exe

Files

NEAS.9e6ff48def76f1a064c820c45cf3fcd0.exe
.exe windows:4 windows x86 arch:x86

d577fae3362e5e91ce52afa125c8a440

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileShortNameA
FindNextFileA
SetThreadPreferredUILanguages
FindVolumeClose
BasepGetAppCompatData
GetLongPathNameA
TermsrvSyncUserIniFileExt
DisassociateCurrentThreadFromCallback
PrepareTape
GetThreadUILanguage

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE