NEAS[.]fd7db518767f5da5514222b3508e2af0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.fd7db518767f5da5514222b3508e2af0.exe
Size

476KB
MD5

fd7db518767f5da5514222b3508e2af0
SHA1

6eafe3ebb0f1eef5aa5383593bca7f1527060b08
SHA256

bbb9a234fde6fae12c161eb770bb4ff10c6861443a538f74ec4fed91cce19f48
SHA512

66e998da125d3005aa4e916c7b22e75bb0b5b1570b05ed5e8944475877d0abe2bcbb33a7cc593183f7e22523c3aa8394a054afcdfdfcaf232ef47a80bf7e74d8
SSDEEP

12288:KA7kThiFdCd8aUEISNEiWxsHXKR2Rj3OAn:V7kFiFY86NCMZRjBn

Score

1^/10

Malware Config

Signatures

Files

NEAS.fd7db518767f5da5514222b3508e2af0.exe
.exe windows:5 windows x86

13e2edda28c8afc0e6e79c6e96167701

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07-06-2012 00:00

Not After

06-06-2022 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2014 00:00

Not After

07-01-2016 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=AAM 256,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:bf:70:34:25:1a:b6:c7:07:ad:aa:51:84:cc:fd:57:ac:d6:ed:3d
Signer

Actual PE Digest

c0:bf:70:34:25:1a:b6:c7:07:ad:aa:51:84:cc:fd:57:ac:d6:ed:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEndOfFile
OpenMutexW
LoadLibraryExW
ReadConsoleW
SetFilePointerEx
GetCurrentProcess
CloseHandle
InterlockedDecrement
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
GetLocalTime
DecodePointer
DeleteCriticalSection
CreateSemaphoreA
ReleaseSemaphore
SetLastError
CreateMutexA
ReleaseMutex
SetDllDirectoryW
CreateProcessW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
MoveFileExW
LocalFree
GetFileTime
FileTimeToLocalFileTime
CreateDirectoryW
CreateFileW
DeleteFileW
GetACP
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetLongPathNameW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetCurrentThreadId
GetDateFormatW
GetTimeFormatW
ReadFile
GetFileSizeEx
CreateMutexW
GetConsoleMode
GetStringTypeW
EncodePointer
GetCommandLineW
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
HeapSize
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleCP

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetMalloc

oleaut32

VariantClear

shlwapi

PathRenameExtensionW
PathAppendW
PathAddExtensionW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
PathIsFileSpecW
PathRemoveFileSpecW
PathRemoveExtensionW

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e2edda28c8afc0e6e79c6e96167701

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70Certificate

Extended Key Usages

Key Usages

c0:bf:70:34:25:1a:b6:c7:07:ad:aa:51:84:cc:fd:57:ac:d6:ed:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shell32

oleaut32

shlwapi

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70
Certificate

c0:bf:70:34:25:1a:b6:c7:07:ad:aa:51:84:cc:fd:57:ac:d6:ed:3d
Signer

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB