NEAS[.]2207677bf13c097e4bef65156ad8b880[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2207677bf13c097e4bef65156ad8b880.exe
Size

270KB
MD5

2207677bf13c097e4bef65156ad8b880
SHA1

b135ac8285074dbe165a5e83e07090fc4087b6b6
SHA256

4a0e2c68b41b0971daed3e38e989deb9e00e266f922a7ffae9b2e50d79594fcc
SHA512

b50da19cfe789ad4f8dd55f97ff847d43f4a6cae65ca1661ef414f5640831a6484dca3737f0fc428fa51721c44070b44d0fdd809276f5f20ac1ab678545bdd14
SSDEEP

6144:BRGO6+VgtOQSLhySr60RkZ3zcr/bMh09a88eagh08S2STEHiLs+xM9vyItZOt6cW:BRpStbStr6z6qGHaghvhhiQ+u9vyIEux

Score

1^/10

Malware Config

Signatures

Files

NEAS.2207677bf13c097e4bef65156ad8b880.exe
.dll windows:5 windows x86

a35b121ee5813bb3fb01425ab6435a7b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:85:45:74:ba:56:00:f9:2a:58:95:69:38:44:6d:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/05/2012, 00:00

Not After

09/05/2013, 23:59

Subject

CN=Zoom Video Communications\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zoom Video Communications\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:12:e5:28:ec:8d:88:e6:12:a6:42:99:ab:08:c9:91:dc:b0:9e:8b
Signer

Actual PE Digest

25:12:e5:28:ec:8d:88:e6:12:a6:42:99:ab:08:c9:91:dc:b0:9e:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringW
InterlockedExchange
LoadLibraryW
DeleteCriticalSection
InterlockedCompareExchange
GetProcAddress
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
VirtualProtectEx
CloseHandle
GlobalFree
GetLastError
CreateFileW
ReadFile
GetTickCount
GetFileSize
GetCurrentThreadId
EnterCriticalSection
SetLastError
RaiseException
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
GlobalUnlock
GlobalAlloc
GlobalLock
lstrcmpiW

user32

IsIconic
GetWindowRect
MoveWindow
SetWindowTextW
SetClipboardData
OpenClipboard
EmptyClipboard
SetParent
CloseClipboard
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
GetSystemMetrics
GetCursorPos
KillTimer
SetTimer
ClientToScreen
SetForegroundWindow
LoadImageW
wvsprintfW
SetLayeredWindowAttributes
SystemParametersInfoW
CharNextW
RegisterClassW
PostQuitMessage
PostMessageW
GetWindowThreadProcessId
GetDesktopWindow
GetWindowPlacement
GetForegroundWindow
SetPropW
SetFocus
AttachThreadInput
DrawTextW
MonitorFromPoint
SetActiveWindow
RemovePropW
SetCursor
WindowFromPoint
GetKeyState
ScreenToClient
DestroyMenu
EnableMenuItem
LoadMenuW
DeleteMenu
GetSubMenu
TrackPopupMenu
GetActiveWindow
FlashWindow
IsZoomed
GetClientRect
GetParent
BringWindowToTop
MonitorFromRect
UnregisterClassA
DestroyIcon
SendMessageW
IsWindow
LoadIconW
DestroyWindow
ShowWindow
DefWindowProcW
CallWindowProcW
SetWindowLongW
GetWindowLongW
GetWindow
GetMonitorInfoW
MapWindowPoints
IsWindowVisible
SetWindowPos
MonitorFromWindow

gdi32

CreateFontIndirectW
GetObjectW
EnumFontFamiliesW
SelectObject
CreateICW
DeleteDC
DeleteObject

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

cmmlib

CmmMQ_GetService
??8?$CStringT@_W@Cmm@@QBE_NPB_W@Z
?GetAt@?$CStringT@_W@Cmm@@QBE_WH@Z
??0CSBMBMessage_NotifyClientRegistry@@QAE@XZ
?Get_ClientID@CSBMBMessage_NotifyClientRegistry@@QAEAAV?$CStringT@D@Cmm@@XZ
??1CSBMBMessage_NotifyClientRegistry@@UAE@XZ
?Get_ClientID@CSBMBMessage_NotifyClientUnRegistry@@QAEAAV?$CStringT@D@Cmm@@XZ
??1CSBMBMessage_NotifyClientUnRegistry@@UAE@XZ
??0CSBMBMessage_NotifyAfterInit@@QAE@XZ
?Detach@CChain@Cmm@@QAEXXZ
?Format@?$CStringT@_W@Cmm@@QAAXPB_WZZ
??1?$CStringT@_W@Cmm@@UAE@XZ
??0?$CStringT@_W@Cmm@@QAE@PB_W@Z
??0?$CStringT@_W@Cmm@@QAE@ABV01@@Z
??1CmmFunctionLogger@@QAE@XZ
??0CmmFunctionLogger@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0?$CStringT@_W@Cmm@@QAE@XZ
??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z
??1LogMessage@logging@@QAE@XZ
??0LogMessage@logging@@QAE@PBDHH@Z
?GetMinLogLevel@logging@@YAHXZ
?ZMGetShareToJoinUrl@Cmm@@YAH_JAAV?$CStringT@_W@1@@Z
?Replace@?$CStringT@_W@Cmm@@QAEXPB_W0@Z
??8?$CStringT@_W@Cmm@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??Y?$CStringT@_W@Cmm@@QAEAAV01@_W@Z
??4?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z
??B?$CStringT@_W@Cmm@@QBEPB_WXZ
??4?$CStringT@_W@Cmm@@QAEAAV01@ABV01@@Z
??9?$CStringT@_W@Cmm@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0?$CStringT@_W@Cmm@@QAE@PBD@Z
??Y?$CStringT@_W@Cmm@@QAEAAV01@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??Y?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z
?cmm_str_convert@@YAIHPADIPB_WI@Z
??0CSBMBMessage_NotifyClientUnRegistry@@QAE@XZ
?SetLength@?$CStringT@D@Cmm@@QAEXI@Z
?GetBuffer@?$CStringT@D@Cmm@@QAEPADI@Z
?Empty@?$CStringT@_W@Cmm@@QAEXXZ
??0CFileName@Cmm@@QAE@XZ
??1CFileName@Cmm@@UAE@XZ
?SetLength@?$CStringT@_W@Cmm@@QAEXI@Z
?cmm_str_convert@@YAIHPA_WIPBDI@Z
?GetSpecialDirectory@CFileName@Cmm@@QAEXW4SpecialFolder@12@H@Z
??0?$CStringT@_W@Cmm@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??H?$CStringT@_W@Cmm@@QBE?AV01@ABV01@@Z
?GetBuffer@?$CStringT@_W@Cmm@@QAEPA_WI@Z
??1?$CStringT@D@Cmm@@UAE@XZ
??0?$CStringT@D@Cmm@@QAE@XZ
?ParseMsg@?$CmmMessageTemplate_1@V?$CStringT@D@Cmm@@@Archive@Cmm@@UAEHPBVCmmMQ_Msg@3@@Z
??1CSBMBMessage_NotifyBeforeTerm@@UAE@XZ
?Get_AppName@CSBMBMessage_NotifyBeforeTerm@@QAEAAV?$CStringT@D@Cmm@@XZ
??0CSBMBMessage_NotifyBeforeTerm@@QAE@XZ
??1CSBMBMessage_NotifyAfterInit@@UAE@XZ
?CompareNoCase@?$CStringT@_W@Cmm@@QBEHPB_W@Z
?Get_AppName@CSBMBMessage_NotifyAfterInit@@QAEAAV?$CStringT@D@Cmm@@XZ

cmmuilib

?MoveWindow@CZPUIWindow@Cmm@@QAEHHHHHH@Z
?SetWindowTextW@CZPUIWindow@Cmm@@QAEHPB_W@Z
?SendMessageW@CZPUIWindow@Cmm@@QBEJIIJ@Z
?SubclassWindow@CZPUIWindow@Cmm@@QAEXPAV?$CMessageChainT@PAVCZPUIWinCtl@Cmm@@@2@@Z
?GetPic@CZPUIApp@Cmm@@SAPAVIZPUIPic@2@PAUHINSTANCE__@@H@Z
?SetFocus@CZPUIWindow@Cmm@@QAEHXZ
?EnableWindow@CZPUIWindow@Cmm@@QAEHH@Z
?IsWindowEnabled@CZPUIWindow@Cmm@@QBEHXZ
?IsWindowVisible@CZPUIWindow@Cmm@@QBEHXZ
?GetWindowTextW@CZPUIWindow@Cmm@@QBEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CreateDlg@CZPWindowHelper@Cmm@@SAPAUHWND__@@AAPAVCZPUIWinCtl@2@AAPAU3@PAV?$CMessageChainT@PAUHWND__@@@2@PAUHINSTANCE__@@HPAU3@PB_W@Z
?IsUseSystemFrame@Cmm@@YAHXZ
?IsFocus@CZPUIWindow@Cmm@@QAEHXZ
?ChangeFrame@CZPUIWindow@Cmm@@QAEHH@Z
?ShowWindow@CZPUIWindow@Cmm@@QAEHH@Z
?Invalidate@CZPUIWindow@Cmm@@QAEHH@Z
?UpdateWindow@CZPUIWindow@Cmm@@QAEHXZ
?GetClientRect@CZPUIWindow@Cmm@@QBEXPAUtagRECT@@@Z
?SetStyle@CZPUIWindow@Cmm@@QAEKK@Z
?GetStyle@CZPUIWindow@Cmm@@QBEKXZ
?ZPUIShutdown@Cmm@@YAXXZ
?ZPUIStartup@Cmm@@YAHPAUHINSTANCE__@@PB_W11@Z
?ZPUISetUseSystemFrame@Cmm@@YAHH@Z
?GetDC@CZPUIWindow@Cmm@@QAEPAUHDC__@@H@Z
?GetFont@CZPUIWindow@Cmm@@QBEPAUHFONT__@@XZ
?GetWindowTextLengthW@CZPUIWindow@Cmm@@QBEHXZ
?GetWindowTextW@CZPUIWindow@Cmm@@QBEHPA_WH@Z
?ZPUILoadString@Cmm@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAUHINSTANCE__@@H@Z
?SetFont@CZPUIWindow@Cmm@@QAEXPAUHFONT__@@H@Z
?DestroyWindow@CZPUIWindow@Cmm@@QAEHXZ
?CreateDlgItem@CZPUIWindow@Cmm@@QAEPAVCZPUIWinCtl@2@PAV32@IPAV?$CMessageChainT@PAVCZPUIWinCtl@Cmm@@@2@@Z
?ChildWindowFromPoint@CZPUIWindow@Cmm@@QBEPAVCZPUIWinCtl@2@UtagPOINT@@@Z
?InvalidateRect@CZPUIWindow@Cmm@@QAEHPBUtagRECT@@H@Z
?GetPaddingRect@CZPUIWindow@Cmm@@QBEXPAUtagRECT@@@Z
?GetDlgItem@CZPUIWindow@Cmm@@QBEPAVCZPUIWinCtl@2@H@Z
?SetWindowPos@CZPUIWindow@Cmm@@QAEHPAVCZPUIWinCtl@2@HHHHI@Z
?GetWindowRect@CZPUIWindow@Cmm@@QBEXPAUtagRECT@@@Z

comctl32

InitCommonControlsEx

msvcp90

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z

msvcr90

?what@exception@std@@UBEPBDXZ
memmove_s
??1exception@std@@UAE@XZ
_purecall
??_V@YAXPAX@Z
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
swprintf_s
_recalloc
wcscpy_s
wcsncpy_s
free
malloc
wcsstr
memcpy_s
_wtoi
memcpy
_i64tow_s
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
__RTDynamicCast
_CxxThrowException
??2@YAPAXI@Z

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipFree

Exports

Exports

InitModule
TermModule

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a35b121ee5813bb3fb01425ab6435a7b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5b:85:45:74:ba:56:00:f9:2a:58:95:69:38:44:6d:fbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:12:e5:28:ec:8d:88:e6:12:a6:42:99:ab:08:c9:91:dc:b0:9e:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

cmmlib

cmmuilib

comctl32

msvcp90

msvcr90

gdiplus

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 23KB - Virtual size: 23KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5b:85:45:74:ba:56:00:f9:2a:58:95:69:38:44:6d:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:12:e5:28:ec:8d:88:e6:12:a6:42:99:ab:08:c9:91:dc:b0:9e:8b
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 23KB - Virtual size: 23KB