NEAS[.]bc753bd7dc0a7178c7d4054de8c0d9b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bc753bd7dc0a7178c7d4054de8c0d9b0.exe
Size

643KB
MD5

bc753bd7dc0a7178c7d4054de8c0d9b0
SHA1

206e60251b9e64d921b267df6db754c0e3fb10fb
SHA256

6ecc0566c80b453e1ddac97a31cdcdc161c2ad7083e8f4bbc88182d250adf25a
SHA512

0ec3eca7d8cd423c271ad127f15923b26f86ccf1278ceaa27d0345ab9f126b83c34a16d8e7230e26f4cb2ca345f617adcd9dc148ac0711ce848c630a61414cbf
SSDEEP

12288:4FhhtEPYt0ztkJghCjFcCLK5a4OdgxJU80YDxB:z/tGP4MmG80YD

Score

1^/10

Malware Config

Signatures

Files

NEAS.bc753bd7dc0a7178c7d4054de8c0d9b0.exe
.exe windows:5 windows x86

998b62af74acc0a28bd05be21f1e0a6e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/10/2019, 00:00

Not After

30/10/2020, 23:59

Subject

CN=天津迅读科技有限公司,OU=IT,O=天津迅读科技有限公司,ST=天津,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:bd:5c:2f:d0:9b:21:92:72:ff:ef:46:d5:03:cf:e6:fa:2b:3e:fb
Signer

Actual PE Digest

ad:bd:5c:2f:d0:9b:21:92:72:ff:ef:46:d5:03:cf:e6:fa:2b:3e:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetTempPathW
CreateDirectoryA
CreateDirectoryW
GetVersionExW
GetSystemTime
SystemTimeToFileTime
GetLongPathNameW
DeleteFileW
GetVolumeInformationW
WideCharToMultiByte
SetEndOfFile
GetConsoleCP
FlushFileBuffers
SetStdHandle
CreateThread
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetPrivateProfileIntW
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
ReadFile
InterlockedFlushSList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
lstrlenW
lstrcatW
lstrcatA
lstrcpynW
GetTickCount
GetLocalTime
SetLastError
TerminateProcess
GetCurrentProcess
CreateFileW
MulDiv
CloseHandle
WriteFile
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
CreateMutexW
lstrcmpiW
lstrcmpW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
RaiseException
GetProfileIntW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetDateFormatW
WriteConsoleW

user32

CopyRect
DrawTextW
GetMonitorInfoW
GetMessageW
DispatchMessageW
GetCapture
SetCapture
GetMenuItemInfoW
SetForegroundWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBeep
IsRectEmpty
FindWindowExW
GetWindow
LoadStringA
InflateRect
MonitorFromPoint
TrackPopupMenuEx
RemoveMenu
GetMessagePos
PtInRect
ReleaseCapture
UpdateWindow
GetDC
GetDCEx
ReleaseDC
InvalidateRect
SetCursor
GetCursorPos
ScreenToClient
FillRect
SetRect
EqualRect
LoadCursorW
TranslateMessage
PeekMessageW
DefWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
CharNextW
LoadAcceleratorsW
LoadMenuW
SetWindowLongW
FindWindowW
DestroyCursor
LoadImageW
LoadStringW
GetDesktopWindow
SendMessageW
GetWindowRect
MapWindowPoints
TrackMouseEvent
SetWindowPos
BeginPaint
EndPaint
GetWindowLongW
GetParent
DestroyWindow
GetDlgItem
SetFocus
GetClientRect
GetSysColorBrush
SetClassLongW
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
GetSystemMetrics
TranslateAcceleratorW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CreateDialogParamW
IsWindowVisible
IsWindow
CallWindowProcW
PostQuitMessage
PostMessageW

gdi32

UnrealizeObject
SetWindowOrgEx
SetViewportOrgEx
SetROP2
SetMapMode
SaveDC
RestoreDC
PatBlt
CreateSolidBrush
CreatePatternBrush
CreateBitmap
GetPixel
SetBkMode
SelectObject
Rectangle
GetStockObject
DeleteObject
CreatePen
Polygon
MoveToEx
LineTo
StretchBlt
BitBlt
DeleteDC
CreateCompatibleDC
GetDeviceCaps
GetDIBits
CreateDIBSection
GetObjectW
CreateCompatibleBitmap
CreateFontW
EnumFontFamiliesExW
CreateDCW
GetBitmapBits
SetTextColor
SetPixel
SetBitmapBits

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

OleLoadPicture
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathAddBackslashW
PathAppendW
SHGetValueW
SHSetValueW
StrCmpIW
PathIsRootW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdipDrawPath
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCustomLineCapWidthScale
GdipSetCustomLineCapStrokeCaps
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipSetPenBrushFill
GdipSetPenCustomEndCap
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathEllipseI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipGetImageEncoders

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

998b62af74acc0a28bd05be21f1e0a6e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

ad:bd:5c:2f:d0:9b:21:92:72:ff:ef:46:d5:03:cf:e6:fa:2b:3e:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

Sections

.text Size: 438KB - Virtual size: 438KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 80KB - Virtual size: 87KB

.gfids Size: 1024B - Virtual size: 576B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 24KB - Virtual size: 24KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ad:bd:5c:2f:d0:9b:21:92:72:ff:ef:46:d5:03:cf:e6:fa:2b:3e:fb
Signer

.text
Size: 438KB - Virtual size: 438KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 80KB - Virtual size: 87KB

.gfids
Size: 1024B - Virtual size: 576B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 24KB - Virtual size: 24KB