NEAS[.]418211f77165218d7c39af2de0fe2aa0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.418211f77165218d7c39af2de0fe2aa0.exe
Size

3.8MB
MD5

418211f77165218d7c39af2de0fe2aa0
SHA1

93ccfd2876bdb9841f961296ef76de4e49c459ae
SHA256

ed306924e7c0be7b6752339fa2e2f8e6020b8ab991c518bef02cd6ddef51373d
SHA512

9b601c9738ba732ec1a22ed8102927ebe6ec54cb78f71486214b8c1a3c2d26cf02990ea234e3f946a712b5849af85111954c42ac771b1cdd8323695fd1bf4303
SSDEEP

98304:4654piMOJlRrSIx5cF9uBAJ7dT4LxBgqwzDeeHv:N4c22LxSHeC

Score

1^/10

Malware Config

Signatures

Files

NEAS.418211f77165218d7c39af2de0fe2aa0.exe
.exe windows:4 windows x86

0c535a160849b1ed58a7ecf3ca6b8fd9

Code Sign

38:18:06:96:8e:14:40:f9:d5:b4:13:3a:91:00:36:05
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2021, 00:00

Not After

30/03/2022, 23:59

Subject

CN=Süleyman DOĞAN,O=Süleyman DOĞAN,L=Ayvacık,ST=Samsun,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:4b:0b:ff:43:46:ed:9f:94:a3:1c:b4:55:ee:58:df:49:ff:0f:2e
Signer

Actual PE Digest

ed:4b:0b:ff:43:46:ed:9f:94:a3:1c:b4:55:ee:58:df:49:ff:0f:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

dinput8

DirectInput8Create

gdi32

EnumFontFamiliesA
AddFontResourceA
CreateDCA
CreateCompatibleBitmap
GetObjectA
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
BitBlt
GetDeviceCaps
ExtTextOutA
GetTextExtentPoint32A
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2

imm32

ImmIsIME
ImmGetContext
ImmSetStatusWindowPos
ImmReleaseContext
ImmAssociateContext

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalReAlloc
GetTempFileNameA
CopyFileA
GetWindowsDirectoryA
SetThreadAffinityMask
GetCurrentThread
CreateMutexA
GlobalMemoryStatus
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
FlushFileBuffers
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetVersionExA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFileAttributesA
RaiseException
MultiByteToWideChar
GetTimeZoneInformation
GetCurrentProcess
ExitProcess
RtlUnwind
SetEndOfFile
GetVersion
IsBadReadPtr
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
LoadLibraryA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindNextFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
FindClose
lstrcpynA
Sleep
GetTickCount
lstrcpyA
GetLastError
lstrcatA
DeleteFileA
GetLocalTime
SetFilePointer
GetFileSize
GlobalAlloc
GlobalFree
GetModuleFileNameA
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
CreateFileA
CloseHandle
lstrcmpA
lstrlenA
SetCurrentDirectoryA
ReadFile
lstrlenW
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetProcAddress
GetSystemTime
CreateFileW
lstrcmpiA

oleaut32

SafeArrayCreate
VariantChangeType
VariantInit
SysAllocString
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy

shell32

ShellExecuteA

user32

ChangeDisplaySettingsA
EnumDisplaySettingsA
AdjustWindowRect
FlashWindow
RegisterClassExA
LoadIconA
DispatchMessageA
SetRect
PtInRect
ReleaseDC
SetForegroundWindow
InvalidateRect
ScreenToClient
GetDoubleClickTime
IsRectEmpty
CopyRect
UnregisterClassA
GetPropA
SetPropA
TranslateMessage
PeekMessageA
GetDC
SendMessageA
SetWindowLongA
CreateWindowExA
GetKeyboardLayout
CallWindowProcA
SetFocus
RemovePropA
MoveWindow
GetWindowTextA
CharLowerA
wsprintfA
MessageBoxA
GetActiveWindow
DefWindowProcA
GetClientRect
PostQuitMessage
ShowCursor
GetCursorPos
SetRectEmpty
EqualRect
GetAsyncKeyState
SetCursorPos
ClientToScreen
GetParent
SetCursor
GetCursor
DestroyWindow
ClipCursor
GetWindowRect
ShowWindow
UpdateWindow
GetSystemMetrics
EndPaint
BeginPaint
RegisterClassA
SetActiveWindow
LoadCursorA
SetWindowTextA
GetClassInfoA

winmm

PlaySoundA
timeGetTime

wsock32

inet_addr
gethostbyname
ntohl
htonl
send
ntohs
inet_ntoa
gethostname
ioctlsocket
htons
socket
WSAGetLastError
setsockopt
connect
WSAAsyncSelect
closesocket
WSACleanup
WSAStartup
recv

d3d8

Direct3DCreate8

mss32

_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_quick_startup@20
_AIL_quick_handles@12
_AIL_set_digital_master_room_type@8
_AIL_set_DirectSound_HWND@8
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_position@16
_AIL_quick_set_volume@12
_AIL_quick_halt@4
_AIL_end_3D_sample@4
_AIL_pause_stream@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume_levels@12
_AIL_quick_play@8
_AIL_set_stream_position@8
_AIL_start_stream@4
_AIL_quick_status@4
_AIL_3D_sample_status@4
_AIL_stream_status@4
_AIL_file_read@8
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_quick_load_mem@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_mem_free_lock@4
_AIL_quick_unload@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_start_3D_sample@4

ole32

CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 135KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c535a160849b1ed58a7ecf3ca6b8fd9

Code Sign

38:18:06:96:8e:14:40:f9:d5:b4:13:3a:91:00:36:05Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

ed:4b:0b:ff:43:46:ed:9f:94:a3:1c:b4:55:ee:58:df:49:ff:0f:2eSigner

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

winmm

wsock32

d3d8

mss32

ole32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 246KB - Virtual size: 248KB

Size: 135KB - Virtual size: 1.6MB

.rsrc Size: 28KB - Virtual size: 27KB

.idata Size: 8KB - Virtual size: 8KB

38:18:06:96:8e:14:40:f9:d5:b4:13:3a:91:00:36:05
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

ed:4b:0b:ff:43:46:ed:9f:94:a3:1c:b4:55:ee:58:df:49:ff:0f:2e
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 246KB - Virtual size: 248KB

.rsrc
Size: 28KB - Virtual size: 27KB

.idata
Size: 8KB - Virtual size: 8KB