NEAS[.]cacd3eb7a6fc37c5fc55363275cd28b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cacd3eb7a6fc37c5fc55363275cd28b0.exe
Size

882KB
MD5

cacd3eb7a6fc37c5fc55363275cd28b0
SHA1

9740f723ab8f7ad165e15aad95080e18dca411cb
SHA256

2d15019cd31106649207372b5e116bad05ca0871cd46e07cf5c72eeb8f058d9c
SHA512

7ff44a59e58d8ac8caca777d15eab39553687607d03b68bf0accca5dd375ad80da753a2e0d369a3dfb5eefa12d12096d7e02cd94a83617cae70e6307512ef973
SSDEEP

24576:WIVVhVVVVVAVVMVt/V4VRVFV9VuD7swDqzaEo21AwZ:WIVVhVVVVVAVVMVFV4VRVFV9V/m2ewZ

Score

7^/10

Malware Config

Signatures

Molebox Virtualization software 1 IoCs

Detects file using Molebox Virtualization software.

resource	yara_rule
sample	molebox

Files

NEAS.cacd3eb7a6fc37c5fc55363275cd28b0.exe
.exe windows:4 windows x86

5bffcb33a9fc0c44f2d7e327565578d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:19:cb:4e:08:3c:27:fa:d2:1e:d4:f6:4f:43:4b:67
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/08/2009, 00:00

Not After

15/08/2012, 23:59

Subject

CN=NPP GARANT-SERVICE,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NPP GARANT-SERVICE,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegEnumValueW

kernel32

ExitProcess
GetFileSize
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
memcpy
memset
signal
strcpy
wcscpy

user32

AdjustWindowRectEx
CallNextHookEx
CreateDialogIndirectParamW
CreatePopupMenu
DestroyMenu
DispatchMessageW
EnableWindow
GetActiveWindow
GetClassNameW
GetMessageW
GetParent
GetSubMenu
GetWindowTextLengthW
IsDialogMessageW
IsIconic
IsWindowVisible
MessageBeep
RegisterClipboardFormatW
SetCursor

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 947KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bffcb33a9fc0c44f2d7e327565578d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:19:cb:4e:08:3c:27:fa:d2:1e:d4:f6:4f:43:4b:67Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 128B

.idata Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 544B

.bss Size: - Virtual size: 947KB

.tls Size: 2KB - Virtual size: 20B

.rsrc Size: 446KB - Virtual size: 446KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:19:cb:4e:08:3c:27:fa:d2:1e:d4:f6:4f:43:4b:67
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 128B

.idata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 544B

.bss
Size: - Virtual size: 947KB

.tls
Size: 2KB - Virtual size: 20B

.rsrc
Size: 446KB - Virtual size: 446KB