NWS Neospeech Paul[.]zip

Resubmissions

30/09/2023, 08:04

230930-jx94vshg9t 7

Sharing

Copy URL Twitter E-mail

General

Target

NWS Neospeech Paul.zip
Size

471.2MB
MD5

7fec36daa071df0479b9eca5824ae57d
SHA1

79de974e6e965259abffae2d2dfeefead8141d35
SHA256

35e5f866eb568301230099ed786014cb12ed42122aa901d12c49d86ea635aa5a
SHA512

82ee655c75fe9126797defe1e28af9e97bc7c33a82b62b322817c0f820926ea94142debc25c6648a8baf76e989d564342124ced33de986ade1620a108a4a3108
SSDEEP

12582912:KAHW3i2c86w5B4YDBxJR5zlDA/r+f1nbIEU4EikRg2cB:KAHW3sXw5qYDBxJ7lmq5IELC+

Score

1^/10

Malware Config

Signatures

Files

NWS Neospeech Paul.zip
.zip
0x0409.ini
0x0411.ini
0x0412.ini
ISSetup.dll
.dll regsvr32 windows:4 windows x86

7253277f396205e1060101cb701d1c1c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/06/2013, 00:00

Not After

26/08/2016, 23:59

Subject

CN=VOICEWARE CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VOICEWARE CO.\, LTD.,L=Seongdong-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowRgn

gdi32

SetMetaFileBitsEx

advapi32

QueryServiceStatus

shell32

SHGetPathFromIDListA

ole32

StringFromGUID2

oleaut32

SysAllocStringByteLen

rpcrt4

NdrClearOutParameters

winmm

mciSendCommandA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

.text
Size: 433KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data1.cab
data1.hdr
data2.cab
layout.bin
setup.bmp
setup.exe
.exe windows:4 windows x86

fc349687b82a59bedb5788849f9f2c0e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/06/2013, 00:00

Not After

26/08/2016, 23:59

Subject

CN=VOICEWARE CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VOICEWARE CO.\, LTD.,L=Seongdong-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

lstrcpynA
lstrcmpiA
GetFileAttributesA
lstrcatA
FindClose
FindFirstFileA
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
VirtualQuery
CompareStringA
CreateDirectoryA
CompareStringW
GetCurrentDirectoryA
ExpandEnvironmentStringsA
SetFileAttributesA
FileTimeToLocalFileTime
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
IsDBCSLeadByte
MoveFileExA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
WriteFile
lstrlenA
Sleep
CloseHandle
CreateProcessA
lstrlenW
GetDriveTypeA
FindResourceExA
GetPrivateProfileIntA
GetFileSize
SetFilePointer
CreateEventA
QueryPerformanceFrequency
ReleaseMutex
GetSystemDefaultLangID
CreateMutexA
SetErrorMode
LoadLibraryA
FreeLibrary
GetDiskFreeSpaceA
VerLanguageNameA
ReadFile
GetTickCount
GetCommandLineA
ExitThread
CreateThread
GetExitCodeProcess
FreeResource
MulDiv
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
GetLocaleInfoA
GetWindowsDirectoryA
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
GetTempPathA
GetVersionExA
CreateFileA
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GetSystemDirectoryA
SetCurrentDirectoryA
WaitForSingleObject
ExitProcess
GetCurrentProcess
lstrcpyA
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
GetLastError
SetLastError
DeleteFileA
RemoveDirectoryA
MultiByteToWideChar
WideCharToMultiByte
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
FindNextFileA
HeapSize
LCMapStringW
LCMapStringA
TlsGetValue
lstrcmpA
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
ResetEvent
SearchPathA
VirtualProtect
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetCurrentProcessId
InitializeCriticalSection
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
HeapReAlloc
RaiseException
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetTempFileNameA
OpenProcess
CompareFileTime
GetProcessTimes
TerminateProcess
GetLocalTime
GetTimeFormatA
GetDateFormatA

user32

CharUpperA
DialogBoxIndirectParamA
WaitForInputIdle
SetActiveWindow
SetForegroundWindow
SetWindowLongA
SetWindowTextA
SendMessageA
GetDlgItem
LoadIconA
EndDialog
MoveWindow
GetWindowRect
wsprintfA
MessageBoxA
SetFocus
BeginPaint
LoadStringA
FillRect
EndPaint
GetMessageA
DefWindowProcA
GetWindow
SystemParametersInfoA
GetSystemMetrics
MapWindowPoints
GetPropA
EnableMenuItem
SetPropA
RemovePropA
GetSysColor
LoadImageA
GetDC
ReleaseDC
CreateDialogParamA
GetParent
GetWindowTextA
IsWindowVisible
CreateDialogIndirectParamA
GetDesktopWindow
ExitWindowsEx
RegisterClassExA
InvalidateRect
IntersectRect
EnumChildWindows
GetWindowDC
GetDlgItemTextA
CreateWindowExA
UpdateWindow
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
GetClientRect
IsWindowEnabled
FindWindowExA
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
EnableWindow
ShowWindow
SendDlgItemMessageA
PostMessageA
ScreenToClient
SetWindowPos
IsWindow
DestroyWindow
GetWindowLongA
SetDlgItemTextA

gdi32

SetBkMode
SetTextColor
TextOutA
RestoreDC
SetBkColor
CreateSolidBrush
UnrealizeObject
SelectPalette
RealizePalette
BitBlt
CreateCompatibleDC
SelectObject
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
DeleteDC
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
GetObjectA
CreateFontIndirectA
DeleteObject
DeleteMetaFile
CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
CreateDIBitmap
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC

advapi32

SetSecurityDescriptorGroup
RegCreateKeyExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetValueExA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity

oleaut32

VariantChangeType
VariantClear
GetErrorInfo
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
SysReAllocStringLen

lz32

LZOpenFileA
LZCopy
LZClose

msi

ord87
ord168
ord8
ord136
ord141

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.ini
setup.inx

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7253277f396205e1060101cb701d1c1c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

winmm

version

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 1.5MB

.rsrc Size: 128KB - Virtual size: 132KB

.reloc Size: 512B - Virtual size: 4KB

fc349687b82a59bedb5788849f9f2c0e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

lz32

msi

rpcrt4

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 30KB - Virtual size: 36KB

.rsrc Size: 290KB - Virtual size: 289KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 433KB - Virtual size: 1.5MB

.rsrc
Size: 128KB - Virtual size: 132KB

.reloc
Size: 512B - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

49:fe:07:79:05:95:26:5e:cd:e0:15:a8:f2:5b:c2:e0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 30KB - Virtual size: 36KB

.rsrc
Size: 290KB - Virtual size: 289KB