NEAS[.]93d10ff17e6daf2f3ef8adc43eea2f30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.93d10ff17e6daf2f3ef8adc43eea2f30.exe
Size

585KB
MD5

93d10ff17e6daf2f3ef8adc43eea2f30
SHA1

99c155fe8b81e72e9c2ed096e48c0c9015ce371b
SHA256

4cf8c19b7948599c11c27ac6ac92c5c09b4855e276251e5827a5d70c6a4f4ce4
SHA512

931e6ce0ff62fd782f423cd922363f1464c335a3d296110ea99c5c0ea27015635eafaf0d2f46d31474522eeaaba42bdbb6440f47da4e57cc6619bde8835f2a61
SSDEEP

12288:rtc/hFdNCwpl+MS1BkSqFnBlfVe0mD/TvMZ9dwS7nd20:xc/hFdN9z+MS1BkSwXfVe0iTvMZBg0

Score

1^/10

Malware Config

Signatures

Files

NEAS.93d10ff17e6daf2f3ef8adc43eea2f30.exe
.exe windows:4 windows x86

93a6338eb46f7beb8ec9bc71e4c0f92a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:c9:b1:43:a4:b1:33:df:3c:4c:64:16:93:84:3f:ac
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/05/2009, 00:00

Not After

23/05/2011, 23:59

Subject

CN=Data Techniques\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Data Techniques\, Inc.,L=Burnsville,ST=NorthCarolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:24:2e:88:db:bf:af:c6:c5:91:87:90:d2:40:f0:e2:7b:6e:ef:5f
Signer

Actual PE Digest

dd:24:2e:88:db:bf:af:c6:c5:91:87:90:d2:40:f0:e2:7b:6e:ef:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

faxman4d

_FaxResetInternalPointers@4
_FaxCopy@4
_FaxInitSendStruct@8

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc71

ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord1908
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord5152
ord4244
ord1401
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord2178
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord3441
ord3641
ord1230
ord300
ord2403
ord2415
ord2392
ord2396
ord2398
ord2400
ord2390
ord5233
ord5235
ord5529
ord4108
ord6099
ord723
ord3296
ord3109
ord970
ord908
ord911
ord757
ord566
ord1206
ord2902
ord865
ord1258
ord3110
ord6306
ord6305
ord1084
ord2372
ord6144
ord1063
ord1283
ord2371
ord1955
ord3244
ord2094
ord4100
ord385
ord3056
ord2021
ord630
ord5655
ord2322
ord266
ord1187
ord1191
ord1003
ord5445
ord531
ord1185
ord784
ord310
ord305
ord2131
ord781
ord3934
ord304
ord4081
ord762
ord876
ord1482
ord297
ord578
ord265
ord5807
ord764
ord605
ord354
ord4262
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord923
ord2172

msvcr71

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_strcmpi
__setusermatherr
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
memset
srand
rand
tolower
toupper
isalnum
isxdigit
isspace
isdigit
_purecall
scanf
exit
time
remove
mktime
localtime
fclose
fseek
ftell
fwrite
fread
fopen
_stricmp
_mkdir
printf
_beginthread
_endthread
strstr
getenv
_wcsdup
strncpy
_strrev
_localtime64
_mktime64
_itoa
sscanf
strtok
wcscpy
_except_handler3
_resetstkoflw
_findfirst
_unlink
_findnext
_findclose
_time64
_getpid
memmove
realloc
sprintf
atof
atoi
malloc
free
strchr
isprint
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__CxxFrameHandler
_mbsinc
_mbspbrk
_mbschr
_initterm
_strdup
_strnicmp
_strupr
strncmp
_adjust_fdiv

kernel32

DuplicateHandle
LocalSize
LocalLock
LocalUnlock
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FileTimeToSystemTime
GetSystemInfo
CreateFileMappingA
CreateMutexA
GetModuleHandleA
OpenFileMappingA
MapViewOfFile
OpenEventA
OpenMutexA
GetTickCount
OutputDebugStringA
ReleaseMutex
UnmapViewOfFile
SleepEx
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
GetLocalTime
SetUnhandledExceptionFilter
CopyFileA
DeleteFileA
RaiseException
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
SetEvent
SetCommBreak
CloseHandle
ReadFile
Sleep
GetLastError
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
PurgeComm
GetOverlappedResult
CancelIo
WriteFile
CreateFileA
GetCommState
SetupComm
SetCommState
SetCommTimeouts
ClearCommError
CreateEventA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
FormatMessageA
SetConsoleCtrlHandler
GetCommandLineA
GetTimeFormatA
GetDateFormatA
SetThreadPriority
GetCurrentThread
GetProcessHeap
FindClose
FindFirstFileA
GetTempPathA
GetCommTimeouts
FileTimeToDosDateTime
FileTimeToLocalFileTime
HeapFree
GlobalReAlloc
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
DeleteFileW
LoadLibraryW
QueryPerformanceCounter
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
InterlockedIncrement
GetTempPathW
CreateFileW
GetFullPathNameA
GetFullPathNameW
GetTempFileNameA
ExitProcess
GetStartupInfoA
DeleteCriticalSection
HeapAlloc

user32

MsgWaitForMultipleObjects
GetMessageA
DispatchMessageA
RegisterWindowMessageA
SetForegroundWindow
GetCursorPos
PostMessageA
LoadMenuA
RemoveMenu
MessageBoxA
LoadIconA
LoadStringA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
wsprintfA
PeekMessageA
EnableWindow
TranslateMessage
DrawTextA
UnregisterClassA
GetSubMenu

gdi32

PatBlt
SelectObject
GetDIBits
CreateCompatibleDC
DeleteDC
Ellipse
RoundRect
CreateDCA
CreateBitmap
TextOutA
MoveToEx
SetTextAlign
CreateFontIndirectA
SetBkMode
SetWindowExtEx
SetViewportExtEx
SetMapMode
Rectangle
LineTo
CreatePen
SetDIBits
SetTextColor
GetDeviceCaps
RestoreDC
CreateBrushIndirect
DeleteObject
Polygon
SaveDC

advapi32

AddAccessDeniedAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
AllocateAndInitializeSid
FreeSid
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleLoad
CoCreateInstance
OleDraw

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93a6338eb46f7beb8ec9bc71e4c0f92a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

02:c9:b1:43:a4:b1:33:df:3c:4c:64:16:93:84:3f:acCertificate

Extended Key Usages

Key Usages

dd:24:2e:88:db:bf:af:c6:c5:91:87:90:d2:40:f0:e2:7b:6e:ef:5fSigner

Headers

File Characteristics

Imports

faxman4d

version

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp71

Sections

.text Size: 464KB - Virtual size: 460KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

02:c9:b1:43:a4:b1:33:df:3c:4c:64:16:93:84:3f:ac
Certificate

dd:24:2e:88:db:bf:af:c6:c5:91:87:90:d2:40:f0:e2:7b:6e:ef:5f
Signer

.text
Size: 464KB - Virtual size: 460KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 32KB - Virtual size: 29KB