NEAS[.]811764c0d873882c5fc052193fefa2d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.811764c0d873882c5fc052193fefa2d0.exe
Size

2.6MB
MD5

811764c0d873882c5fc052193fefa2d0
SHA1

2980d317dee56cc27620409d6cd64bbf67c6e5da
SHA256

e6a51c8901b2e0274c1f3003cdc75c6ae94e1d70805ef5513fb52be25823d9c7
SHA512

8cb8eeb009dd18e2c78d77eca0b4c759398982060abec3f644a5ca4eba4afa668ca76b74a35fbfc47de9e9ea22594bb3702f46f1a8dceb0dea601b783ca7da1b
SSDEEP

49152:qS2IrCpA55CrDnDsPGn4J1TeMVwKFMoDC0IOQ13lu5:2AXkboPGnfMtMAXm3O

Score

1^/10

Malware Config

Signatures

Files

NEAS.811764c0d873882c5fc052193fefa2d0.exe
.exe windows:4 windows x86

1a97850db063534b94d5ffa7aebe414c

Code Sign

84:b7:70:18:96:51:46:d9:c5:f4:d4:7d:df:01:df:d7
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/09/2018, 00:00

Not After

06/03/2019, 23:59

Subject

CN=KEKEKA' LTD,O=KEKEKA' LTD,POSTALCODE=W1K 1AW,STREET=12\, Stanhope Gate',L=LONDON,ST=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumA
MapFileAndCheckSumW

version

VerQueryValueW
VerQueryValueA

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
SizeofResource
GetBinaryTypeW
GetSystemDirectoryW
GlobalLock
FindResourceExW
OpenProcess
GetQueuedCompletionStatus
RemoveDirectoryA
GetTimeFormatA
LeaveCriticalSection
GetVolumeInformationW
GetConsoleCP
MulDiv
GetDiskFreeSpaceA
GetDriveTypeW
ReleaseMutex
RaiseException
InterlockedExchange
CreateIoCompletionPort
UnlockFile
LockFile
CreateThread
GetTempPathA
GlobalUnlock
SetFileAttributesA
ResumeThread
GetDateFormatA
SetCurrentDirectoryA
GetShortPathNameA
FindFirstFileA
FlushFileBuffers
GetFileAttributesA
ResetEvent
CopyFileA
CreateDirectoryA
TerminateThread
GetTimeZoneInformation
SetEndOfFile
EnterCriticalSection
GetExitCodeProcess
FindNextFileA
GlobalFlags
CompareFileTime
GetACP
FindClose
lstrcmpiA
GetLastError
DeleteFileA
GetProcAddress
GetModuleHandleA
GetTickCount
IsBadReadPtr
FreeLibrary
LoadLibraryA
GetCommandLineW
MultiByteToWideChar
SetFilePointer
GetOEMCP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
PostQueuedCompletionStatus

user32

ReleaseDC
GetSubMenu
EndDialog
IsWindowVisible
GetWindowThreadProcessId
DrawTextA
SetClipboardData
EnableMenuItem
SetCursor
ClientToScreen
SetWindowLongW
LoadAcceleratorsW
CreatePopupMenu
SendMessageW
DefWindowProcW
TrackPopupMenuEx
CharNextW
CloseClipboard
IsWindowEnabled
DispatchMessageW
GetWindowLongW
GetSystemMenu
GetKeyState
SetWindowPos
CheckDlgButton
GetParent
GetWindowLongA
TranslateMessage
DestroyMenu
TrackPopupMenu
EmptyClipboard
MoveWindow
GetClientRect
LoadStringW
TranslateAcceleratorW
SetFocus
SetClassLongW
DefWindowProcA
InvalidateRect
GetMessagePos
DestroyWindow
GetSystemMetrics
LoadBitmapA

advapi32

RegCreateKeyExA
RegCreateKeyExW
AllocateLocallyUniqueId

shlwapi

PathAddBackslashW
PathAddBackslashA

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a97850db063534b94d5ffa7aebe414c

Code Sign

84:b7:70:18:96:51:46:d9:c5:f4:d4:7d:df:01:df:d7Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

imagehlp

version

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 860KB - Virtual size: 859KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 402KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

84:b7:70:18:96:51:46:d9:c5:f4:d4:7d:df:01:df:d7
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 860KB - Virtual size: 859KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 402KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB