NEAS[.]cbb863065b7e780ee5084c0cb2f60bd0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cbb863065b7e780ee5084c0cb2f60bd0.exe
Size

77KB
MD5

cbb863065b7e780ee5084c0cb2f60bd0
SHA1

f7aa10a1752acf9b20affb9b820ccad8af1719e2
SHA256

3b03139402a03bdc881ac6b83eebbc6b6a1f9ba090f7c77496c5bc2a6522f289
SHA512

3e7c23241914a8402f87de7b2617378b540c89410084cf34ce50ab0fc35900b468a7229f731bd007c3788dc5d80d695190c37547d5472d3e2937d3ea242dd755
SSDEEP

1536:f/wYWzt1uBWJmVM0jTodj2heaEhCIMnpLv1FGH+QKVANGBqpoTTNLzyC:f/2R1EW8VM0jTodjPCFv2+QJNjpohz

Score

1^/10

Malware Config

Signatures

Files

NEAS.cbb863065b7e780ee5084c0cb2f60bd0.exe
.exe windows:5 windows x64

fc1bb59e3417b2bd6e9f4561467c5e56

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:6e:97:13:5b:6e:78:1b:39:d6:4b:78:ab:3e:89:38
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

04/01/2010, 00:00

Not After

06/01/2013, 23:59

Subject

CN=LIGHT STAR INFORMATION CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LIGHT STAR INFORMATION CO.\, LTD.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:e0:13:1e:25:d9:a6:c5:47:61:71:1d:a1:70:ae:e1:a8:d4:b6:9f
Signer

Actual PE Digest

1f:e0:13:1e:25:d9:a6:c5:47:61:71:1d:a1:70:ae:e1:a8:d4:b6:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

EnumProcesses

kernel32

WriteFile
FlushFileBuffers
CreateFileA
lstrlenW
GetProcAddress
LoadLibraryW
CloseHandle
GetPrivateProfileStringW
GetModuleFileNameW
CreateMutexW
OpenMutexW
GetLocaleInfoW
GetUserDefaultLangID
WinExec
WideCharToMultiByte
Sleep
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapReAlloc
MultiByteToWideChar
IsValidCodePage
GetOEMCP
HeapAlloc
GetLastError
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
ExitThread
GetCurrentThreadId
CreateThread
GetStartupInfoW
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP

user32

UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
ShowWindow
BringWindowToTop
SetForegroundWindow
keybd_event
GetWindowTextW
PostQuitMessage
DefWindowProcW
RegisterClassW
CreateWindowExW
LoadIconW
LoadCursorW
CloseWindow

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc1bb59e3417b2bd6e9f4561467c5e56

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:6e:97:13:5b:6e:78:1b:39:d6:4b:78:ab:3e:89:38Certificate

Extended Key Usages

Key Usages

1f:e0:13:1e:25:d9:a6:c5:47:61:71:1d:a1:70:ae:e1:a8:d4:b6:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 982B

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:6e:97:13:5b:6e:78:1b:39:d6:4b:78:ab:3e:89:38
Certificate

1f:e0:13:1e:25:d9:a6:c5:47:61:71:1d:a1:70:ae:e1:a8:d4:b6:9f
Signer

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 982B