NEAS[.]84ad2bf74a74e994f39edd00c2725680[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.84ad2bf74a74e994f39edd00c2725680.exe
Size

2.6MB
MD5

84ad2bf74a74e994f39edd00c2725680
SHA1

4f0d150794b782f78a69b655e4ed68dcbdb2ac82
SHA256

950ce2ae2fc79bfc1b9a9e0f6987e401ec2c7a462bd30f734766c4b10c90c4b5
SHA512

5aea37da84fc656798bb446d530cba66fcb03f8d5c4540d2d732fd1712cb52239fba049244a93859899eac17bedb7971000d05b96cd1edcee9c83152e6fd9247
SSDEEP

49152:u8FsQGbHctfgwUNaYZOAs5gpa/yoCHRIQOQcOU84MlHyMMYguH8:xyQYkfmNaYZOVgpahVacOb4MlHyMMYgF

Score

1^/10

Malware Config

Signatures

Files

NEAS.84ad2bf74a74e994f39edd00c2725680.exe
.exe windows:5 windows x86

7bc8c2c29324d5a7c5b0e52a6b93849b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:a1:29:ff:53:cc:ba:91:1a:4d:44:ec:01:5f:21:d2
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/08/2015, 00:00

Not After

27/08/2018, 12:00

Subject

CN=Jetico Inc. Oy,O=Jetico Inc. Oy,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:1a:f8:8b:14:27:22:5b:9c:16:39:0c:f3:7e:e1:ba:53:88:dc:31
Signer

Actual PE Digest

54:1a:f8:8b:14:27:22:5b:9c:16:39:0c:f3:7e:e1:ba:53:88:dc:31

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

kernel32

FlushFileBuffers
Sleep
DeleteFileA
CreateThread
GetExitCodeThread
DeviceIoControl
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryA
GetSystemTime
GetSystemDirectoryA
RemoveDirectoryW
GetLogicalDrives
GetDiskFreeSpaceW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
MoveFileExW
GetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableA
SetFirmwareEnvironmentVariableW
GetCurrentThreadId
ExitProcess
ReleaseSemaphore
WaitNamedPipeW
GetTickCount
lstrcpyW
GetFullPathNameW
GetModuleHandleW
SetLastError
CreateSemaphoreW
lstrcpynW
CreateSemaphoreA
GetFileAttributesExW
GetFileAttributesExA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetPriorityClass
GetThreadPriority
GetCurrentThread
GetVolumeNameForVolumeMountPointW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
SetCurrentDirectoryW
GetWindowsDirectoryW
lstrlenW
GetSystemDirectoryW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
QueryDosDeviceW
VirtualFree
VirtualAlloc
GetFileAttributesW
TerminateThread
InterlockedDecrement
LoadLibraryExA
GetVersion
GetModuleHandleA
GetFileType
GetStdHandle
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
FileTimeToSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetDateFormatA
GetDateFormatW
GetShortPathNameA
GetShortPathNameW
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
SetFileAttributesW
MulDiv
LocalFree
FormatMessageW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetFileTime
GetFileTime
GetTempFileNameW
GlobalGetAtomNameW
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryW
lstrlenA
GetThreadLocale
MoveFileW
GetStringTypeExW
lstrcmpiW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FileTimeToLocalFileTime
CreateFileA
SetErrorMode
GetStartupInfoW
RtlUnwind
GetFileAttributesA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeFormatA
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
GetDriveTypeA
MultiByteToWideChar
GetLastError
GetDriveTypeW
GetFileSizeEx
GetVersionExW
GetModuleFileNameW
CreateFileW
CreateDirectoryW
WriteFile
GetFileSize
SetFilePointer
ReadFile
DeleteFileW
GetCurrentProcessId
CopyFileW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
LoadLibraryExW
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetCurrentProcess
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFileTimeToFileTime

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
LogonUserW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenServiceW
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyA
RegFlushKey
RegOpenKeyExA
RegEnumValueW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegSetValueW
LookupAccountSidW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
IIDFromString
CoTaskMemAlloc

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantChangeType
SysAllocStringLen
VariantInit

ws2_32

closesocket
send
recv
socket
gethostbyname
htons
connect
WSAStartup
WSACleanup
shutdown

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc8c2c29324d5a7c5b0e52a6b93849b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

09:a1:29:ff:53:cc:ba:91:1a:4d:44:ec:01:5f:21:d2Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

54:1a:f8:8b:14:27:22:5b:9c:16:39:0c:f3:7e:e1:ba:53:88:dc:31Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

secur32

kernel32

winspool.drv

advapi32

ole32

oleaut32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 329KB - Virtual size: 328KB

.data Size: 79KB - Virtual size: 418KB

.rsrc Size: 876KB - Virtual size: 876KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

09:a1:29:ff:53:cc:ba:91:1a:4d:44:ec:01:5f:21:d2
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

54:1a:f8:8b:14:27:22:5b:9c:16:39:0c:f3:7e:e1:ba:53:88:dc:31
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 79KB - Virtual size: 418KB

.rsrc
Size: 876KB - Virtual size: 876KB