NEAS[.]9621a047ec6114eb35b156b42a15cab0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.9621a047ec6114eb35b156b42a15cab0.exe
Size

567KB
MD5

9621a047ec6114eb35b156b42a15cab0
SHA1

57efe0d470c5bcf3e02d11ffb79a250e98dbd24d
SHA256

e9ec5ecd6cf29bb8031b6e2c8a248f9ded68a78986da03fe2dbcefe607e5f987
SHA512

69f5a66485e2f7046a230ab6b5a474ea94c5a074e428155d83c06dd208b9c842d7d4f6ec70a73fd9366efedb723b540d1882202194bfa91d8be659adfbf65ba9
SSDEEP

12288:OtVZUeLe3D16d7AXJOYxvlZ71BjvrEH7A:OjZAT1MwOC77rEH7A

Score

1^/10

Malware Config

Signatures

Files

NEAS.9621a047ec6114eb35b156b42a15cab0.exe
.dll windows:5 windows x86

6a76fa6ec8daa78854b0e42a457b5f9e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:34:23:ce:0c:60:66:67
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

30-05-2019 00:39

Not After

30-05-2022 00:39

Subject

CN=Kilonova LLC,O=Kilonova LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:73:e8:76:2c:f1:63:47:52:14:f3:5a:3a:39:83:01:3e:fe:bc:bb:18:c9:4a:8f:82:fd:71:b3:5a:57:c6:18
Signer

Actual PE Digest

7b:73:e8:76:2c:f1:63:47:52:14:f3:5a:3a:39:83:01:3e:fe:bc:bb:18:c9:4a:8f:82:fd:71:b3:5a:57:c6:18

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDeleteGraphics
GdipCreatePen1
GdipDrawImageRectRectI
GdipDeletePen
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipDrawRectangleI
GdipDrawLinesI
GdipFillEllipse
GdipCreateStringFormat
GdipDeleteFontFamily
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipSetPixelOffsetMode
GdipGetGenericFontFamilySansSerif
GdipDrawString
GdipCloneBrush
GdipMeasureString
GdipDeleteStringFormat
GdipDeleteFont
GdipSetStringFormatAlign
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipDrawEllipseI
GdipSetSmoothingMode
GdipSaveImageToFile
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenWidth
GdipSetPenLineJoin
GdipSetPenEndCap
GdipCreateAdjustableArrowCap
GdipSetPenCustomEndCap
GdipDeleteCustomLineCap
GdipDrawLineI
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipGetImageEncoders
GdipDrawImageRectRect
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImageAttributes
GdipDeletePath
GdipDisposeImage
GdipCreatePath
GdipResetPath
GdipFillPath
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipSetPageUnit
GdipClosePathFigure
GdipCreateImageAttributes
GdipFree
GdipGetImageGraphicsContext
ord1
GdipGetImageEncodersSize

kernel32

EncodePointer
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
SetEvent
SizeofResource
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
LockResource
HeapReAlloc
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
ResetEvent
GetProcessHeap
FreeLibrary
VerifyVersionInfoW
WriteFile
CreateMutexW
CreateFileW
GetCurrentThreadId
ReleaseMutex
CloseHandle
GetModuleHandleW
WideCharToMultiByte
SetLastError
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
FindClose
MultiByteToWideChar
GetTempFileNameW
EnterCriticalSection
LeaveCriticalSection
MulDiv
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceCounter
CreateDirectoryW
lstrcmpiW
LoadLibraryExW
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
VerSetConditionMask

user32

TrackPopupMenu
CreatePopupMenu
MonitorFromPoint
CreateDialogParamW
IntersectRect
OffsetRect
GetCursorInfo
DrawIcon
GetIconInfo
GetDesktopWindow
DestroyWindow
CharNextW
UpdateWindow
ShowWindow
DestroyMenu
IsRectEmpty
DialogBoxParamW
MoveWindow
GetDlgItem
BeginPaint
EndPaint
GetActiveWindow
InflateRect
GetWindowTextLengthW
PostMessageW
GetDC
FillRect
SetWindowTextW
RegisterClassExW
IsWindow
GetAsyncKeyState
RedrawWindow
CreateCaret
GetMonitorInfoW
SetCapture
SetCursor
DrawTextW
ShowCaret
GetClassInfoExW
ReleaseCapture
InvalidateRect
GetWindowTextW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetWindowRect
SetWindowLongW
RegisterWindowMessageW
SetWindowPos
CreateWindowExW
ScreenToClient
ClientToScreen
SetRectEmpty
GetParent
GetCursorPos
EqualRect
UnionRect
TrackMouseEvent
GetWindowDC
SetRect
ReleaseDC
EnumDisplayMonitors
CopyRect
SendMessageW
FindWindowW
UnregisterClassW
SetFocus
AppendMenuW
EnableMenuItem
PtInRect
SetForegroundWindow
EndDialog
MessageBeep
OpenClipboard
CloseClipboard
EmptyClipboard
LoadCursorW
SetClipboardData
GetSystemMetrics

gdi32

GetTextMetricsW
CreateDIBSection
EqualRgn
RectInRegion
SetTextColor
StartPage
StretchBlt
EndDoc
StartDocW
CreateRectRgnIndirect
EndPage
SetBkMode
SetBkColor
ExtTextOutW
CreateCompatibleBitmap
BitBlt
SelectObject
CreateCompatibleDC
CreateFontW
GetStockObject
GetDeviceCaps
CreatePen
Rectangle
CreateSolidBrush
CreateBitmap
CombineRgn
GetObjectW
DeleteObject
GetDIBits
DeleteDC

comdlg32

GetSaveFileNameW
PrintDlgExW
GetOpenFileNameW
ChooseColorW

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathAddBackslashW
PathCombineW

comctl32

InitCommonControlsEx

Exports

Exports

DeinitLightshot
InitLightshot
MakeScreenshot
MakeScreenshotByCommand
SetTranslations

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a76fa6ec8daa78854b0e42a457b5f9e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

c9:34:23:ce:0c:60:66:67Certificate

Extended Key Usages

Key Usages

7b:73:e8:76:2c:f1:63:47:52:14:f3:5a:3a:39:83:01:3e:fe:bc:bb:18:c9:4a:8f:82:fd:71:b3:5a:57:c6:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 276B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 247KB - Virtual size: 246KB

.reloc Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

c9:34:23:ce:0c:60:66:67
Certificate

7b:73:e8:76:2c:f1:63:47:52:14:f3:5a:3a:39:83:01:3e:fe:bc:bb:18:c9:4a:8f:82:fd:71:b3:5a:57:c6:18
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 276B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 247KB - Virtual size: 246KB

.reloc
Size: 11KB - Virtual size: 11KB