NEAS[.]d8dbc6bb8ea9631a970f5c0552908c30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d8dbc6bb8ea9631a970f5c0552908c30.exe
Size

545KB
MD5

d8dbc6bb8ea9631a970f5c0552908c30
SHA1

c843c3138b7aec68053999e82d03abe35a4cda81
SHA256

076376e8adc74f47fc83fe302d4974cf4ecf1d204771a43f7485608273c4084c
SHA512

7fd26080a0c3dc1205ae5dccc16afc5bf2c04ce44a29a5c85898b77e9da12daa35701dda68284296d8354a65707024e8f7949919399aa27190e863c87e14ab69
SSDEEP

12288:j7YkTkZJwR51xykyN3fXQ21/OZwkkmFy0i6VbsLkt:j7YkTkIxC1OZwOy16VoLy

Score

1^/10

Malware Config

Signatures

Files

NEAS.d8dbc6bb8ea9631a970f5c0552908c30.exe
.exe windows:5 windows x86

f3a2d52ccce8bb353a74e68a8419d00a

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:50:3d:80:de:30:d4:4b:0c:b7:1d:fe:e6:0f:42:b3:90:d9:a4:42
Signer

Actual PE Digest

57:50:3d:80:de:30:d4:4b:0c:b7:1d:fe:e6:0f:42:b3:90:d9:a4:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetProcAddress
GetSystemInfo
GlobalMemoryStatusEx
GetLogicalDriveStringsW
VirtualAlloc
GetDriveTypeW
GetDiskFreeSpaceExW
VirtualFree
InterlockedDecrement
SetFilePointer
CreateFileMappingW
MapViewOfFile
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WTSGetActiveConsoleSessionId
OpenProcess
GetLocalTime
lstrlenA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
DeleteFileW
CopyFileW
GetTempFileNameW
GetTempPathW
ReadFile
MultiByteToWideChar
WinExec
GetPrivateProfileIntW
GetFileSize
CreateFileW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
GetLastError
VerifyVersionInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
VerSetConditionMask
WideCharToMultiByte
FindClose
CloseHandle
SetStdHandle
CreateFileA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
LCMapStringA
QueryPerformanceCounter
GetModuleFileNameW
Process32NextW
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
InterlockedCompareExchange
InterlockedExchange
Sleep
OpenFileMappingW
InterlockedIncrement
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CreateMutexW
CreateDirectoryW
DeviceIoControl
GetCurrentProcessId
SetLastError
ProcessIdToSessionId
DebugBreak
VirtualProtect
GetVersion
IsBadCodePtr
IsBadReadPtr
GetModuleHandleExW
ExitThread
GetCommandLineW
GetWindowsDirectoryW
FormatMessageW
GetModuleHandleA
FlushInstructionCache
CreateFileMappingA
LocalFree
LocalAlloc
GetFileSizeEx
CreateProcessW
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
HeapCreate
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
TerminateProcess
VirtualQuery
GetModuleFileNameA
ReleaseMutex
LoadLibraryW
lstrcatA
GetThreadContext
OpenMutexW
DuplicateHandle
OpenEventW
lstrcpyA
VirtualAllocEx
VirtualFreeEx
GetCurrentThread
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
IsBadWritePtr
GetExitCodeThread
lstrcpyW
SetEndOfFile
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStartupInfoW
RtlUnwind
lstrlenW

user32

RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
DefWindowProcW
GetSystemMetrics

advapi32

GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RevertToSelf
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumValueW
OpenProcessToken
RegQueryValueW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
GetKernelObjectSecurity

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
ord165

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit

feedback

?FeedbackDialogTranslateMessage@feedback@baidu@@YAHPAUtagMSG@@@Z
?CreateFeedbackDialog@feedback@baidu@@YAKW4ProductId@12@PB_W11W4LanguageId@12@11PAUHWND__@@P6AJ111PAUtagVARIANT@@@ZPAPAUIWebBrowser2@@@Z
?FeedbackDialogExecScript@feedback@baidu@@YAJPB_WPAUtagVARIANT@@@Z

shlwapi

StrFormatByteSizeW
SHRegGetValueW
PathAddBackslashW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathFindFileNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

log2

?GetInstance@CAPCDispatcher@@SAPAV1@XZ
?WriteLog@CAPCDispatcher@@QAEHKPB_W@Z

psapi

GetModuleFileNameExW
GetModuleInformation

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3a2d52ccce8bb353a74e68a8419d00a

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

57:50:3d:80:de:30:d4:4b:0c:b7:1d:fe:e6:0f:42:b3:90:d9:a4:42Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

feedback

shlwapi

version

wtsapi32

iphlpapi

log2

psapi

userenv

Sections

.text Size: 378KB - Virtual size: 378KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 23KB - Virtual size: 22KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

57:50:3d:80:de:30:d4:4b:0c:b7:1d:fe:e6:0f:42:b3:90:d9:a4:42
Signer

.text
Size: 378KB - Virtual size: 378KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 23KB - Virtual size: 22KB