NEAS[.]e2f45adabb38f5d06a3ae4153a656010[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e2f45adabb38f5d06a3ae4153a656010.exe
Size

354KB
MD5

e2f45adabb38f5d06a3ae4153a656010
SHA1

b612551261e268140fcb03d878a7f3d892ed8091
SHA256

30feea140c4486ae5b496352d8e1d69d67ebf8c5d42e917b0870ec41079b7b32
SHA512

85adb2b44c9fea8c95bc2232ea31d555b26654465d7aded87a4671a70fc7d061f6ed1e5aa89d206d59dec8690a09846ca6b6746d5c65a894b7dc970d1c69ffac
SSDEEP

6144:R6b7wa0t4+f9rlr5wcJKgALKjg7Yirt29PZPId+Sx:AIV4+lrlr5wi5A2jaJ+Sx

Score

1^/10

Malware Config

Signatures

Files

NEAS.e2f45adabb38f5d06a3ae4153a656010.exe
.dll windows:6 windows x86

305f569659eecff5e4ec6285c4d41022

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:ac
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

05/01/2023, 00:00

Not After

04/01/2026, 23:59

Subject

SERIALNUMBER=91440300MA5HAMWY88,CN=Shenzhen HappyDog Technology Co.\, Ltd.,O=Shenzhen HappyDog Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:ac
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

05/01/2023, 00:00

Not After

04/01/2026, 23:59

Subject

SERIALNUMBER=91440300MA5HAMWY88,CN=Shenzhen HappyDog Technology Co.\, Ltd.,O=Shenzhen HappyDog Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:23:c3:d0:47:4e:d2:6c:02:9c:d0:1b:54:d3:a7:d7:82:41:51:13:98:bb:da:3f:49:24:48:16:f7:fd:77:67
Signer

Actual PE Digest

dc:23:c3:d0:47:4e:d2:6c:02:9c:d0:1b:54:d3:a7:d7:82:41:51:13:98:bb:da:3f:49:24:48:16:f7:fd:77:67

Digest Algorithm

sha256

PE Digest Matches

true

09:2a:9e:44:30:f5:c7:1a:32:8c:69:33:e7:15:f2:ef:a9:a0:88:f0
Signer

Actual PE Digest

09:2a:9e:44:30:f5:c7:1a:32:8c:69:33:e7:15:f2:ef:a9:a0:88:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5gui

?nextImageDelay@QImageIOHandler@@UBEHXZ
?loopCount@QImageIOHandler@@UBEHXZ
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?convertToFormat_inplace@QImage@@IAE_NW4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?convertToFormat_helper@QImage@@IBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?setDotsPerMeterY@QImage@@QAEXH@Z
?setDotsPerMeterX@QImage@@QAEXH@Z
?dotsPerMeterX@QImage@@QBEHXZ
?hasAlphaChannel@QImage@@QBE_NXZ
?setColorTable@QImage@@QAEXV?$QVector@I@@@Z
?colorTable@QImage@@QBE?AV?$QVector@I@@XZ
?bytesPerLine@QImage@@QBEHXZ
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
?constScanLine@QImage@@QBEPBEH@Z
?scanLine@QImage@@QBEPBEH@Z
?scanLine@QImage@@QAEPAEH@Z
?bits@QImage@@QAEPAEXZ
?depth@QImage@@QBEHXZ
?size@QImage@@QBE?AVQSize@@XZ
?height@QImage@@QBEHXZ
?width@QImage@@QBEHXZ
?reinterpretAsFormat@QImage@@QAE_NW4Format@1@@Z
?format@QImage@@QBE?AW4Format@1@XZ
?copy@QImage@@QBE?AV1@ABVQRect@@@Z
?isNull@QImage@@QBE_NXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@$$QAV0@@Z
??0QImage@@QAE@ABVQSize@@W4Format@0@@Z
?logicalDpiY@QPaintDevice@@QBEHXZ
?logicalDpiX@QPaintDevice@@QBEHXZ
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
??1QImageIOHandler@@UAE@XZ
??0QImageIOHandler@@QAE@XZ
??1QImageIOPlugin@@UAE@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
?dotsPerMeterY@QImage@@QBEHXZ

qt5core

z_inflateInit_
z_deflateInit_
z_inflateReset
z_deflateParams
z_deflateReset
z_inflateEnd
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
z_inflate
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?isOpen@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isWritable@QIODevice@@QBE_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
z_deflateEnd
?deallocate@QArrayData@@SAXPAU1@II@Z
??0QByteArray@@QAE@PBDH@Z
??1QByteArray@@QAE@XZ
?constData@QByteArray@@QBEPBDXZ
?fromRawData@QByteArray@@SA?AV1@PBDH@Z
?read@QIODevice@@QAE_JPAD_J@Z
?write@QIODevice@@QAE_JPBD_J@Z
?peek@QIODevice@@QAE?AVQByteArray@@_J@Z
??0QVariant@@QAE@XZ
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@ABVQSize@@@Z
?type@QVariant@@QBE?AW4Type@1@XZ
?toInt@QVariant@@QBEHPA_N@Z
?shared_null@QArrayData@@2QBU1@B
z_deflate

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
InitializeSListHead

vcruntime140

memcpy
memset
memmove
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
malloc
free

api-ms-win-crt-math-l1-1-0

_CIatan2
floor
_except1
_libm_sse2_exp_precise
_libm_sse2_log_precise
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-utility-l1-1-0

qsort
rand
bsearch

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm_e
_initterm
_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

305f569659eecff5e4ec6285c4d41022

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:acCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:acCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

dc:23:c3:d0:47:4e:d2:6c:02:9c:d0:1b:54:d3:a7:d7:82:41:51:13:98:bb:da:3f:49:24:48:16:f7:fd:77:67Signer

09:2a:9e:44:30:f5:c7:1a:32:8c:69:33:e7:15:f2:ef:a9:a0:88:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 1024B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 133B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 8KB - Virtual size: 7KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:ac
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:31:07:74:ae:30:76:21:91:6c:51:2b:01:26:50:ac
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

dc:23:c3:d0:47:4e:d2:6c:02:9c:d0:1b:54:d3:a7:d7:82:41:51:13:98:bb:da:3f:49:24:48:16:f7:fd:77:67
Signer

09:2a:9e:44:30:f5:c7:1a:32:8c:69:33:e7:15:f2:ef:a9:a0:88:f0
Signer

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 1024B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 133B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 8KB - Virtual size: 7KB