NEAS[.]e4cc6dd41a5ea4131d3a15a99647a510[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e4cc6dd41a5ea4131d3a15a99647a510.exe
Size

5.1MB
MD5

e4cc6dd41a5ea4131d3a15a99647a510
SHA1

4bbe33bd1e2229d76789e1f3bbee72a574812642
SHA256

8c5a475dbb01a9289e5cf2be48528e09476ad9896db00755538fd2201008e053
SHA512

578817b5b98bc95a19fce4f672800b68e07d3509e3593e1e7ccffd57d622b83c8dbfd2d6037d3952d28f7d1123ca0ff153c6019e4c440f0a6b631bda841f025c
SSDEEP

98304:mSlNJv+xwSq4J2+HyNeMF4eQwECWQ/Sy53LeXx4LLLLLLLLLLLLLLLLLLLLLLLLY:uY0yNvECL/V5beXM7onCJ+

Score

1^/10

Malware Config

Signatures

Files

NEAS.e4cc6dd41a5ea4131d3a15a99647a510.exe
.exe windows:5 windows x86

2c898f8e0b4d07940a463c546f10b5db

Code Sign

5a:0b:ea:b1:73:15:e8:22:d0:45:0f:87:29:3e:3b:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/09/2020, 00:00

Not After

01/10/2021, 23:59

Subject

CN=SEIKO EPSON CORPORATION,OU=Information Service & Support Department,O=SEIKO EPSON CORPORATION,L=Suwa-Shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:7a:a5:50:56:20:2f:1f:4b:2b:9b:e6:40:8a:71:79:5b:ce:16:eb
Signer

Actual PE Digest

bb:7a:a5:50:56:20:2f:1f:4b:2b:9b:e6:40:8a:71:79:5b:ce:16:eb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

epinstmgr

?CreatePort@CPrnDrvInst@@QAEKPBD0PADH000K@Z
?InstallDriver@CPrnDrvInst@@QAEPAXP6GIKJ@ZJPBD111K111@Z
?TestPagePrint@CPrnDrvInst@@QAEHHPBD00000HHHHH@Z
?EnumDrivers@CPrnDrvInst@@QAEPAXP6GIKJ@ZJPBDKPAVCStringList@@PAEKPAKPAXH@Z
?EnumDrivers@CPrnDrvInst@@QAEKPBDKPAVCStringList@@PAEKPAKPAXH@Z
?IsInstalledDP3@CPrnDrvInst@@QAEHPADK@Z
?RepairPnPData@CPrnDrvInst@@QAEKPBD@Z
??1CPrnDrvInst@@UAE@XZ
?IsNetworkPrinterInstalled@CPrnDrvInst@@QAEHPBD0H@Z
?IsInstalledPrinterDriver@CPrnDrvInst@@QAEHPBDPADH@Z
?AvailPrinterName@CPrnDrvInst@@QAEKPBD00@Z
??0CPrnDrvInst@@QAE@PBD0@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

enappinst

?InstallApplication@@YAKPBDPAIPAJPAU_APP_INST_OPT@@P6GIKJ@ZJE0@Z
?EnumApplicationInfo@@YAKKPBDPAPBDKHPAPAU_APP_INFO@@PAKP6GIPAU1@J@ZJPAX@Z

shlwapi

PathCombineW
PathUnquoteSpacesW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

kernel32

EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
LockResource
GetCommandLineW
GetOEMCP
FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
InitializeCriticalSection
GetConsoleMode
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
CloseHandle
CreateMutexW
WaitForSingleObject
SetEvent
Sleep
GetVersionExW
MulDiv
ResetEvent
CreateEventW
GlobalFree
GetCurrentProcess
GlobalLock
GlobalAlloc
lstrcmpW
GlobalUnlock
GetModuleHandleW
GetACP
GetCPInfo
VirtualFree
GetConsoleCP
LoadLibraryW
IsValidCodePage
HeapCreate
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
ExitProcess
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
SetErrorMode
InterlockedCompareExchange
IsProcessorFeaturePresent
GetTempFileNameW
FlushInstructionCache
SetLastError
GetCurrentThreadId
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetCurrentDirectoryW
WritePrivateProfileStringW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GlobalGetAtomNameW
GlobalFindAtomW
CompareStringW
GetVersionExA
FreeResource
LoadLibraryA
SuspendThread
SetThreadPriority
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
CopyFileW
GlobalSize
lstrlenA
OpenProcess
FormatMessageW
GetMailslotInfo
CreateMailslotW
LocalFree
GetTempPathW
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
GetCurrentProcessId
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
ReleaseSemaphore
CreateSemaphoreW
OpenMutexW
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetLocaleInfoW
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
CreateFileW
GetFullPathNameW
DeleteFileW
QueryPerformanceFrequency
QueryPerformanceCounter
ReleaseMutex
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
ResumeThread
CreateThread
GetFileAttributesW
GetExitCodeProcess
GetSystemWindowsDirectoryW
CreateProcessW
GetSystemDefaultLCID
GetUserDefaultLCID

user32

FrameRect
SetMenuDefaultItem
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
LockWindowUpdate
BringWindowToTop
SetCursorPos
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawEdge
DrawIconEx
IsRectEmpty
DrawStateW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
SetParent
IsZoomed
MessageBeep
IsClipboardFormatAvailable
CharUpperW
DestroyIcon
DeleteMenu
SetRectEmpty
LoadMenuW
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
SetForegroundWindow
ShowScrollBar
GetClassInfoW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
GetMenu
SystemParametersInfoA
GetWindowPlacement
DestroyMenu
GetMenuItemInfoW
IntersectRect
SetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetScrollPos
SetScrollPos
MapVirtualKeyW
GetKeyNameTextW
GetActiveWindow
GetCursorPos
ValidateRect
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetUpdateRect
CheckMenuItem
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetShellWindow
AdjustWindowRectEx
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
GetMenuDefaultItem
OpenClipboard
CopyImage
LoadImageW
SetClipboardData
CloseClipboard
EmptyClipboard
CallNextHookEx
PostQuitMessage
GetMessageW
GetKeyState
IsDialogMessageW
WaitMessage
MapWindowPoints
UnregisterClassW
RegisterClassW
SystemParametersInfoW
DrawFocusRect
OffsetRect
DrawFrameControl
UpdateWindow
InflateRect
CopyRect
SetWindowRgn
TrackMouseEvent
PtInRect
SetRect
EndPaint
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetIconInfo
IsCharLowerW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DestroyCursor
GetWindowRgn
GetNextDlgGroupItem
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
RegisterWindowMessageW
FillRect
IsChild
SetCapture
InvalidateRgn
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
RegisterClassExW
GetWindowTextW
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
IsWindow
CreateWindowExW
ReleaseCapture
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
SetCursor
GetSystemMenu
SetTimer
GetWindowRect
IsIconic
PostMessageW
KillTimer
GetFocus
GetParent
LoadCursorW
DrawIcon
wsprintfW
GetDC
TranslateMessage
ShowCursor
LoadIconW
InvalidateRect
AppendMenuW
PeekMessageW
ReleaseDC
EnableMenuItem
SetWindowPos
ShowWindow
GetSysColorBrush
MessageBoxW
GetSystemMetrics
IsWindowVisible
EnableWindow
DispatchMessageW
TranslateAcceleratorW
CharNextW
LoadAcceleratorsW
GetClientRect
GetWindowLongW
GetClassNameW
SendMessageW
ModifyMenuW
UnregisterClassA
GetScrollRange

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreateHatchBrush
CopyMetaFileW
PatBlt
SetRectRgn
CombineRgn
DPtoLP
GetDCOrgEx
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateDIBSection
CreateEllipticRgn
Polyline
Ellipse
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
RoundRect
Rectangle
CreatePalette
GetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
SetLayout
CreateDCW
CreateRectRgnIndirect
CreateEllipticRgnIndirect
Polygon
CreatePen
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

EnumPortsW
OpenPrinterW
DocumentPropertiesW
ClosePrinter
EnumPrintersW
ord203
XcvDataW

advapi32

RegQueryValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
DuplicateTokenEx
RegEnumKeyW
RegOpenKeyW

shell32

SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHGetSpecialFolderLocation
FindExecutableW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
ord680
SHGetPathFromIDListW
SHGetMalloc

comctl32

ImageList_GetIconSize
ImageList_GetIcon
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw

ole32

IsAccelerator
DoDragDrop
OleTranslateAccelerator
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
OleUninitialize
CoGetClassObject
PropVariantClear
CoUninitialize
CoInitializeEx
ReleaseStgMedium
OleDuplicateData

oleaut32

SysFreeString
VariantChangeType
SafeArrayGetElement
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
SysStringLen
SysAllocString
VariantClear
VarUI4FromStr

winmm

PlaySoundW
mciSendCommandW
timeGetTime
mciGetErrorStringW

ws2_32

sendto
recvfrom
send
connect
accept
listen
bind
__WSAFDIsSet
getsockopt
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
socket
closesocket
ntohs
htons
ntohl
inet_addr
gethostbyname
select
shutdown
recv
htonl

iphlpapi

GetIpAddrTable

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipCloneImage
GdipDrawImageRectI
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

Exports

Exports

??_FCPrnDrvInst@@QAEXXZ
?GetDeviceName@CPrnDrvInst@@IAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?GetDriverPath@CPrnDrvInst@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?SetDrvPath@CPrnDrvInst@@IAEXPBD@Z

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1003KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c898f8e0b4d07940a463c546f10b5db

Code Sign

5a:0b:ea:b1:73:15:e8:22:d0:45:0f:87:29:3e:3b:8fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

bb:7a:a5:50:56:20:2f:1f:4b:2b:9b:e6:40:8a:71:79:5b:ce:16:ebSigner

Headers

DLL Characteristics

File Characteristics

Imports

epinstmgr

version

enappinst

shlwapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

winmm

ws2_32

iphlpapi

imm32

userenv

gdiplus

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1003KB - Virtual size: 1003KB

.data Size: 48KB - Virtual size: 79KB

.rsrc Size: 489KB - Virtual size: 488KB

.reloc Size: 316KB - Virtual size: 315KB

5a:0b:ea:b1:73:15:e8:22:d0:45:0f:87:29:3e:3b:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

bb:7a:a5:50:56:20:2f:1f:4b:2b:9b:e6:40:8a:71:79:5b:ce:16:eb
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1003KB - Virtual size: 1003KB

.data
Size: 48KB - Virtual size: 79KB

.rsrc
Size: 489KB - Virtual size: 488KB

.reloc
Size: 316KB - Virtual size: 315KB