NEAS[.]5eba952e785b39b016a897216a73d230[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5eba952e785b39b016a897216a73d230.exe
Size

29KB
MD5

5eba952e785b39b016a897216a73d230
SHA1

abd3fdce6c3a785763dac8daa59de0602cfa990b
SHA256

146559dd7e34eeda4f1fc68d783e16ea16fdf9d5ac9f8ed61b0c429410ca8027
SHA512

40c48edbb246f83e0f56eca96d486e7637ae4adb886f3c420c14ce97b35dfa0f21732adead00f6174e449aa8ca3db146931681e677c90b83bc98c7f389d7980a
SSDEEP

384:+bgeaEh+rmJgjY9fevEEei1SO18x2DotbaFdNHTUWArNTk9KKL0i2/D/rPFRZtXx:+bDVhomavEZuTo0FdNHIjNGK0nObZtB

Score

1^/10

Malware Config

Signatures

Files

NEAS.5eba952e785b39b016a897216a73d230.exe
.dll windows:5 windows x86

361410b591b88b7df38f01526aa3aca7

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:15

Not After

02/12/2021, 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:62:44:71:0b:a7:96:f5:cf:52:a9:3c:5d:b2:15:9a:dd:ac:f3:a2:7e:90:23:3a:20:44:a8:a0:af:73:f5:04
Signer

Actual PE Digest

d2:62:44:71:0b:a7:96:f5:cf:52:a9:3c:5d:b2:15:9a:dd:ac:f3:a2:7e:90:23:3a:20:44:a8:a0:af:73:f5:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
wcscmp
wcslen
_wcsicmp
_except_handler3
wcschr
_wcsnicmp
iswctype
wcstoul

kernel32

GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
lstrlenW
GetLastError
GlobalFree
CloseHandle
SetLastError
CreateEventW
ResetEvent
SetEvent
FreeLibrary
GetModuleHandleA
TerminateProcess
GetACP
IsDBCSLeadByteEx
GlobalAlloc
WaitForSingleObject
LoadLibraryW
GetProcAddress

spoolss

StartDocPrinterW
WritePrinter
EndDocPrinter
GetPrinterDataW
ReadPrinter
GetJobAttributes
OpenPrinterW
ClosePrinter
GetPrinterW

gdi32

TranslateCharsetInfo
CreateFontIndirectW
SelectObject
GetTextMetricsW
StartDocW
SetBkMode
StartPage
EndPage
TextOutA
EndDoc
AbortDoc
DeleteObject
GdiGetSpoolFileHandle
GdiGetDC
GdiGetPageCount
GetWorldTransform
GdiStartDocEMF
GdiDeleteSpoolFileHandle
GdiGetPageHandle
GdiStartPageEMF
ExtEscape
GdiEndPageEMF
GdiResetDCEMF
GdiGetDevmodeForPage
ResetDCW
SetGraphicsMode
ModifyWorldTransform
SetWorldTransform
GdiPlayPageEMF
GetDeviceCaps
CancelDC
CreateDCW
DeleteDC
GdiEndDocEMF

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
DllMain
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
OpenPrintProcessor
PrintDocumentOnPrintProcessor

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361410b591b88b7df38f01526aa3aca7

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

d2:62:44:71:0b:a7:96:f5:cf:52:a9:3c:5d:b2:15:9a:dd:ac:f3:a2:7e:90:23:3a:20:44:a8:a0:af:73:f5:04Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

spoolss

gdi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 618B

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

d2:62:44:71:0b:a7:96:f5:cf:52:a9:3c:5d:b2:15:9a:dd:ac:f3:a2:7e:90:23:3a:20:44:a8:a0:af:73:f5:04
Signer

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 618B