NEAS[.]434daf37e30923ab9f0dfce0eccbf290[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.434daf37e30923ab9f0dfce0eccbf290.exe
Size

56KB
MD5

434daf37e30923ab9f0dfce0eccbf290
SHA1

fd8bd386ce9e613fbb7e61e25cbb5e584e09471c
SHA256

39522e3a03737a98b4aef43353b9991cdc68239fd331f5e119dea06393e7bc70
SHA512

796f28da15b83cc913bc0e3dc350de2df5a9464353dfd6719443df2d503db126afd870cf59f57a658993bec043ea96619fa63fd61869b4487202caf20ec858bd
SSDEEP

1536:sNm0cppAExMrsgcFftMd3Kr6/kdKxnKvKNVfK/Ck:t4cFft2386/kdKuKXK/7

Score

1^/10

Malware Config

Signatures

Files

NEAS.434daf37e30923ab9f0dfce0eccbf290.exe
.dll windows:4 windows x64

469aa445c15a80366d1f51f75e1ba267

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

11/10/2022, 12:36

Not After

11/10/2025, 12:36

Subject

SERIALNUMBER=26502275,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha,C=CZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302435a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:22

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9b:6a:6a:c3:d7:12:e3:a7:c1:b1:88:2f:f2:46:60:66:73:0d:1d:a9:62:51:2b:1f:a6:3b:84:26:6c:34:6a:aa
Signer

Actual PE Digest

9b:6a:6a:c3:d7:12:e3:a7:c1:b1:88:2f:f2:46:60:66:73:0d:1d:a9:62:51:2b:1f:a6:3b:84:26:6c:34:6a:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msys-iconv-2

libiconv
libiconv_open
libiconv_set_relocation_prefix

msys-2.0

__cxa_atexit
__errno
__fsetlocking
__locale_ctype_ptr
_impure_ptr
abort
bsearch
calloc
close
cygwin_internal
dll_dllcrt0
fclose
fgets_unlocked
fopen
free
freelocale
fstat
fwrite
getcwd
getegid
getenv
geteuid
getgid
getuid
malloc
memcpy
mmap
msys_detach_dll
munmap
newlocale
nl_langinfo
nl_langinfo_l
open
posix_memalign
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_init
pthread_mutexattr_settype
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
putc
qsort
read
realloc
setlocale
sprintf
stpcpy
strcasecmp
strchr
strcmp
strcpy
strcspn
strdup
strlen
strncmp
strstr
strtoul
tfind
tolower
tsearch
uselocale

kernel32

GetACP
GetModuleHandleA

Exports

Exports

__imp_gl_get_setlocale_null_lock
__imp_libintl_version
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_msg
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_environ
_nl_locale_name_posix
_nl_locale_name_thread
_nl_locale_name_thread_unsafe
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
_nl_state_lock
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
gl_get_setlocale_null_lock
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_hash_string
libintl_newlocale
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_once_multithreaded
libintl_once_singlethreaded
libintl_recursive_lock_init_multithreaded
libintl_relocate
libintl_relocate2
libintl_set_relocation_prefix
libintl_setlocale
libintl_textdomain
libintl_version
locale_charset
ngettext
setlocale_null
setlocale_null_r
textdomain
xmax
xsum
xsum3
xsum4

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

469aa445c15a80366d1f51f75e1ba267

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5bCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5Certificate

Extended Key Usages

Key Usages

9b:6a:6a:c3:d7:12:e3:a7:c1:b1:88:2f:f2:46:60:66:73:0d:1d:a9:62:51:2b:1f:a6:3b:84:26:6c:34:6a:aaSigner

Headers

File Characteristics

Imports

msys-iconv-2

msys-2.0

kernel32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 5KB - Virtual size: 5KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 5KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 52B

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

9b:6a:6a:c3:d7:12:e3:a7:c1:b1:88:2f:f2:46:60:66:73:0d:1d:a9:62:51:2b:1f:a6:3b:84:26:6c:34:6a:aa
Signer

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 5KB - Virtual size: 5KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 52B