NEAS[.]213dceddf72819d73f71b02ef03c1b50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.213dceddf72819d73f71b02ef03c1b50.exe
Size

216KB
MD5

213dceddf72819d73f71b02ef03c1b50
SHA1

e255447526cc75e2e972392c04d87bb33dbdcb20
SHA256

0557d3bf73629d0e7758a9f33cf56e0e610f76d918edf1789b5751b58a35c3e6
SHA512

99dfe0ee9485b099dd2bbd27ed36983c3fa6e4e3c01d167848c64e9b45c06955588eb21d19baf5835b6c14685f03c00274ca9cb08a1f6eca1d57178923d4596d
SSDEEP

6144:I5j02Pk+uR80EwhPJfrSheFgiCQMBV+UdvrEFp7hKd:IDASiCQMBjvrEH7q

Score

1^/10

Malware Config

Signatures

Files

NEAS.213dceddf72819d73f71b02ef03c1b50.exe
.exe windows:4 windows x86

fddd0d7a49fd449ed02663cac9dca66e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:f6:65:7a:18:c4:c2:70:22:13:07:1d:e1:58:e9:8d:46:e0:bf:10:8b:c0:6a:6e:ef:a9:07:c2:1f:15:c0:de
Signer

Actual PE Digest

6e:f6:65:7a:18:c4:c2:70:22:13:07:1d:e1:58:e9:8d:46:e0:bf:10:8b:c0:6a:6e:ef:a9:07:c2:1f:15:c0:de

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
pow
log10
strlen
qsort
_wcslwr
_itow
memmove
memcmp
wcstoul
wcsncpy
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit
wcscmp
malloc
free
_memicmp
modf
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_ultow
_wcsicmp
wcschr
_wcsnicmp
_purecall
_wtoi
wcsrchr
wcscpy
_wtof
memset
wcslen
wcsncat
_snwprintf
wcscat

comctl32

ImageList_ReplaceIcon
ImageList_SetOverlayImage
ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
ExitProcess
OpenProcess
GetCurrentThreadId
CreateProcessW
SetEnvironmentVariableW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
ReadProcessMemory
SetErrorMode
Sleep
DeleteFileW
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
GetCurrentProcess
GlobalAlloc
LocalFree
lstrlenW
GetSystemDirectoryW
lstrcpyW
WideCharToMultiByte
GlobalUnlock
ExpandEnvironmentStringsW
GetTempPathW
GetLastError
GetTempFileNameW
GlobalLock
SizeofResource
GetFileSize
FormatMessageW
GetVersionExW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
ReadFile
FindResourceW
WriteFile
CreateFileW
LoadResource
LockResource
LoadLibraryExW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
GetCurrentDirectoryW
GetSystemTimeAsFileTime

user32

IsWindowVisible
SetForegroundWindow
AttachThreadInput
EnumWindows
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorW
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
MonitorFromWindow
GetWindow
BeginPaint
EndPaint
GetClientRect
SetWindowPos
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetSystemMetrics
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
SetFocus
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
InsertMenuItemW
MoveWindow
GetClassNameW
OpenClipboard
GetWindowThreadProcessId
CheckMenuItem
GetMenuItemCount
GetMenuStringW
EnumChildWindows
LoadStringW
CheckMenuRadioItem
SetClipboardData
CloseClipboard
EnableWindow
GetCursorPos
MapWindowPoints
GetParent
GetMenu
GetForegroundWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
GetDesktopWindow
DestroyWindow
SetMenuItemInfoW
DestroyIcon
CreatePopupMenu
GetKeyState
InsertMenuW
IsDialogMessageW
RemoveMenu
TranslateMessage
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
DrawTextExW
SetTimer
EndDeferWindowPos
DeleteMenu
AppendMenuW
BeginDeferWindowPos
KillTimer
GetMonitorInfoW
CreateWindowExW

gdi32

GetTextExtentPoint32W
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetDeviceCaps
GetStockObject
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
DeleteObject

comdlg32

ChooseFontW
FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
Shell_NotifyIconW
ExtractIconExW
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
PropVariantClear
CoInitialize

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fddd0d7a49fd449ed02663cac9dca66e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6e:f6:65:7a:18:c4:c2:70:22:13:07:1d:e1:58:e9:8d:46:e0:bf:10:8b:c0:6a:6e:ef:a9:07:c2:1f:15:c0:deSigner

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 9KB

.rsrc Size: 29KB - Virtual size: 29KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6e:f6:65:7a:18:c4:c2:70:22:13:07:1d:e1:58:e9:8d:46:e0:bf:10:8b:c0:6a:6e:ef:a9:07:c2:1f:15:c0:de
Signer

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 9KB

.rsrc
Size: 29KB - Virtual size: 29KB