NEAS[.]cf001027d1d5769eb9d632127ccdd100[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cf001027d1d5769eb9d632127ccdd100.exe
Size

147KB
MD5

cf001027d1d5769eb9d632127ccdd100
SHA1

b3911977549cfe3c09dbe9513ead2558536f191d
SHA256

9a1a277a8e52694a85525e7c04c46d7553ae2436ab7a3eac1d716e67d1489574
SHA512

8a489352c11010a73a76fe2fa0920b0a3fa20616a5f6f03ee67a049d4fb5d3411c3246e7dc4f73cad61bf04aa039647900b6cfea265451aa5ccbe27cc44b6e03
SSDEEP

3072:CMwQOP2vsvOJrSWT2lQBV+UdE+rECWp7hK0husbvrD1s8:Rwz2EvOJeWXBV+UdvrEFp7hK0hB3

Score

1^/10

Malware Config

Signatures

Files

NEAS.cf001027d1d5769eb9d632127ccdd100.exe
.exe windows:4 windows x86

181bbecfbb91f40a2b207cac2decedde

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:97:71:c0:2a:39:50:29:a6:8c:5f:bd:b0:e8:67:fd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/03/2010, 00:00

Not After

31/03/2013, 23:59

Subject

CN=Atheros Communications Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=SPE,O=Atheros Communications Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:57:cb:ec:36:53:c5:47:b3:ed:e4:02:69:09:ea:4e:a8:da:dc:08
Signer

Actual PE Digest

92:57:cb:ec:36:53:c5:47:b3:ed:e4:02:69:09:ea:4e:a8:da:dc:08

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
OpenEventW
WaitForMultipleObjects
ResetEvent
SetPriorityClass
GetCurrentProcess
SetThreadPriority
DeviceIoControl
SetEvent
MultiByteToWideChar
HeapAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
lstrlenA
CloseHandle
ReadFile
CreateFileW
SetCurrentDirectoryA
HeapFree
GetSystemDirectoryA
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
TerminateThread
WaitForSingleObject
ResumeThread
CreateThread
GetLastError
GetModuleFileNameW
GetSystemTime
WideCharToMultiByte
OutputDebugStringW
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
GetSystemTimeAsFileTime
RaiseException
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc

user32

PostThreadMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetMessageW

advapi32

RegSetValueExA
RegCreateKeyExA
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
DeleteService
ControlService
OpenServiceW
StartServiceW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

msvcr80

?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
wcsstr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
ldiv
memcpy_s
strstr
_strupr
wcscat_s
system
free
malloc
??_V@YAXPAX@Z
printf
??2@YAPAXI@Z
wcsnlen
_vsnwprintf_s
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
memset
memmove
memcpy

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

181bbecfbb91f40a2b207cac2decedde

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

70:97:71:c0:2a:39:50:29:a6:8c:5f:bd:b0:e8:67:fdCertificate

Extended Key Usages

Key Usages

92:57:cb:ec:36:53:c5:47:b3:ed:e4:02:69:09:ea:4e:a8:da:dc:08Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

70:97:71:c0:2a:39:50:29:a6:8c:5f:bd:b0:e8:67:fd
Certificate

92:57:cb:ec:36:53:c5:47:b3:ed:e4:02:69:09:ea:4e:a8:da:dc:08
Signer

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB