NEAS[.]277c5a66cc0dcf08a50bd0fe555f5a50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.277c5a66cc0dcf08a50bd0fe555f5a50.exe
Size

169KB
MD5

277c5a66cc0dcf08a50bd0fe555f5a50
SHA1

b5d5895f2ba64cdb48bb9ac30a3fafa84d056720
SHA256

5f039d583ba42929375a8fce8e89f4ff8f4395c4a27482a490dc7b1562abca7f
SHA512

5541939f9c03ed07f1e87997741d35cac0dcc52f1e586f0971664011abd19eaa2c8b6e9a533eafdf9fc179f5be85ccd215fcecf34038d95b32c86075ec51cd61
SSDEEP

3072:BItQv1iyODswNLmqxY3AMVJ1Ev54EI6+JJTH0O9+eF5I2lQBV+UdE+rECWp7hKDC:BHv1lOg4VINJHoBV+UdvrEFp7hKD78X

Score

1^/10

Malware Config

Signatures

Files

NEAS.277c5a66cc0dcf08a50bd0fe555f5a50.exe
.dll windows:6 windows x86

fcc13f8625d566aaaa2bb3f0da90254b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c6:35:49:92:58:37:0a:17:e4:a2:32:98:71:14:1f:c3:ac:f6:2d:d3
Signer

Actual PE Digest

c6:35:49:92:58:37:0a:17:e4:a2:32:98:71:14:1f:c3:ac:f6:2d:d3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
LoadLibraryW
GetModuleFileNameW
MultiByteToWideChar
CompareStringA
CreateDirectoryA
GetWindowsDirectoryA
FormatMessageA
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
GetLocalTime
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
WriteFile
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
VirtualProtect
GetSystemInfo
VirtualQuery
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryW
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
GetSystemTimeAsFileTime
FreeLibrary

user32

GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

winmm

mmioRead
mmioDescend
mmioClose
mmioOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcc13f8625d566aaaa2bb3f0da90254b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

c6:35:49:92:58:37:0a:17:e4:a2:32:98:71:14:1f:c3:ac:f6:2d:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winmm

version

ole32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

c6:35:49:92:58:37:0a:17:e4:a2:32:98:71:14:1f:c3:ac:f6:2d:d3
Signer

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB