NEAS[.]52910604ca72e606bf26d618a2279800[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.52910604ca72e606bf26d618a2279800.exe
Size

469KB
MD5

52910604ca72e606bf26d618a2279800
SHA1

24f3e8401bacfa2c0c2c32c75ad8046ab64a33c8
SHA256

80abd687c6ca72d1cc28ef7da813ef632882c934b771ac128a64e4e5e41ed3dd
SHA512

09b13a97f66df8d8160e20ea5116a6908a2dfac7ee3af5d4fd487cce4b53732ce572148b0a471f7c9a3ef5053ec89c44a9b2b017e59624dc308a39f36c4709e5
SSDEEP

12288:2rSSsmSQy5GUdoKeeYXvJzk61UiAw4D3krDID6IiwMd4U:25smSQy5GUdoKeeYXvJzkWUiAw4D3W0y

Score

1^/10

Malware Config

Signatures

Files

NEAS.52910604ca72e606bf26d618a2279800.exe
.dll regsvr32 windows:4 windows x86

2acd6f2992368f07d36353b4958211fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/08/2008, 00:00

Not After

26/09/2009, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical Support Dept.,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:fa:1f:e2:cf:5c:54:69:82:b6:f8:6b:1a:61:f8:85:28:79:a8:cc
Signer

Actual PE Digest

5a:fa:1f:e2:cf:5c:54:69:82:b6:f8:6b:1a:61:f8:85:28:79:a8:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5575
ord5567
ord6057
ord5860
ord3591
ord535
ord925
ord4124
ord3614
ord3737
ord818
ord3566
ord5781
ord1634
ord2371
ord2444
ord2859
ord6871
ord816
ord562
ord2144
ord1230
ord1143
ord1165
ord6190
ord5568
ord2910
ord6466
ord5795
ord1173
ord2862
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5732
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord922
ord537
ord940
ord5706
ord6193
ord6107
ord6238
ord956
ord2810
ord2105
ord2855
ord3711
ord790
ord556
ord809
ord1088
ord2114
ord5977
ord3541
ord6354
ord4118
ord1115
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord2634
ord858
ord2362
ord861
ord6211
ord538
ord2078
ord4294
ord2294
ord795
ord3716
ord3397
ord4470
ord4704
ord6330
ord3087
ord4229
ord2356
ord2287
ord2350
ord2293
ord641
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord825
ord4370
ord5261
ord3658
ord470
ord755
ord2854
ord2746
ord283
ord2406
ord5871
ord540
ord3798
ord323
ord1633
ord2397
ord640
ord800
ord3621
ord6451
ord5047
ord4270
ord692
ord567
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2016
ord2405
ord6362
ord1764
ord823
ord5303

msvcrt

realloc
malloc
fflush
vfprintf
fopen
strncpy
_wcsicmp
free
fclose
atoi
wcscmp
wcslen
iswdigit
_wtoi
_wcsdup
_getdrives
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_purecall
_ftol
srand
rand
_except_handler3
__CxxFrameHandler
_snprintf

kernel32

lstrcatA
GetLocalTime
CreateToolhelp32Snapshot
Module32FirstW
GetLongPathNameA
Module32NextW
GetCurrentThread
SetUnhandledExceptionFilter
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
InterlockedIncrement
GetCurrentProcessId
CloseHandle
CreateEventW
GetCurrentThreadId
LoadLibraryExW
FreeLibrary
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetLongPathNameW
GetTickCount
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
lstrlenW
InterlockedDecrement
lstrcpyA
VirtualQuery
GetModuleFileNameA
FindFirstFileA
WideCharToMultiByte
GetPrivateProfileStringW
lstrcpynW
DebugBreak
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
LocalFree
LocalAlloc
FindClose
lstrcmpW

user32

IsWindow
SetRectEmpty
GrayStringW
TabbedTextOutW
GetDC
ReleaseDC
BeginDeferWindowPos
ShowWindow
ScreenToClient
DeferWindowPos
EndDeferWindowPos
EnableWindow
DrawTextW
GetSysColor
LoadBitmapW
InflateRect
FillRect
RedrawWindow
CreateWindowExW
DestroyWindow
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SetTimer
SetRect
OffsetRect
KillTimer
SetWindowTextW
GetWindowTextW
MoveWindow
LoadCursorW
RegisterWindowMessageW
IsWindowVisible
BringWindowToTop
wsprintfW
IsRectEmpty
EqualRect
wvsprintfW
LoadImageW
GetFocus
UnhookWindowsHookEx
GetParent
SetDlgItemTextW
GetDlgItem
SendMessageW
SetWindowsHookExW
GetKeyState
CallNextHookEx
IsWindowEnabled
DrawEdge
DrawFocusRect
GetMenu
AdjustWindowRectEx
BeginPaint
EndPaint
CreateDialogParamW
SetCapture
ReleaseCapture
GetCapture
GetDlgCtrlID
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetDoubleClickTime
DefWindowProcW
GetSubMenu
LoadMenuW
LoadStringW
GetAncestor
MonitorFromWindow
GetMonitorInfoW
SetParent
SetWindowLongW
EndDialog
DialogBoxParamW
GetSystemMetrics
SetFocus
GetClassNameW
WindowFromPoint
SetActiveWindow
InvalidateRect
SetCursor
PtInRect
UpdateWindow
CharNextW
PostMessageW
GetCursorPos
IsChild
ClientToScreen
TrackPopupMenu
DestroyMenu
CopyRect
CallWindowProcW

gdi32

SetBkMode
FloodFill
GetWindowExtEx
GetViewportExtEx
LPtoDP
GetBkColor
GetStockObject
CreateFontW
CreateFontIndirectW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectW
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
SelectObject
StretchBlt
DeleteDC
CreateCompatibleDC
BitBlt
DeleteObject
SetTextColor

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
InitializeSecurityDescriptor

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CreateBindCtx

oleaut32

DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

urlmon

RegisterBindStatusCallback
CreateURLMoniker

atl

ord16
ord53
ord58
ord42
ord11
ord10
ord21
ord57
ord18
ord30
ord32
ord44
ord45
ord15
ord31
ord43

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

ifupt

GetCurrentVersionW

shlwapi

PathFindFileNameA
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2acd6f2992368f07d36353b4958211fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cbCertificate

Extended Key Usages

Key Usages

5a:fa:1f:e2:cf:5c:54:69:82:b6:f8:6b:1a:61:f8:85:28:79:a8:ccSigner

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

atl

msvcp60

ifupt

shlwapi

version

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 192KB - Virtual size: 191KB

.reloc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2c:50:0e:13:db:f1:f8:41:54:b8:a7:f6:26:f5:68:cb
Certificate

5a:fa:1f:e2:cf:5c:54:69:82:b6:f8:6b:1a:61:f8:85:28:79:a8:cc
Signer

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 192KB - Virtual size: 191KB

.reloc
Size: 20KB - Virtual size: 19KB