NEAS[.]73106fda791e2aa8bebd3358b02990f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.73106fda791e2aa8bebd3358b02990f0.exe
Size

2.4MB
MD5

73106fda791e2aa8bebd3358b02990f0
SHA1

e85cfd4e6c1c48c0bc9fa1e6fc7c34a5826974c9
SHA256

2ba44020f890f40753f95f9688d17743ad10b12f28373b39cc5da3dafdf3cc55
SHA512

1f9840adf9fd193b80bf3a37f767a0a52a875c1c1bf2b8a438daa5959aaf732d77cd1180b9d88430a5f3162b9433f816f783747f3b3056e07068df7d680c28a4
SSDEEP

24576:4jTbYOWHrxdjsBfl9VPMo0LTsOjuao9ju+AgeHoBZ2FJ9Hxoz9y7OL7c94tKeoTk:GXcfnmIFHC/o9WoTQiaMY5ymVUlIYQ

Score

1^/10

Malware Config

Signatures

Files

NEAS.73106fda791e2aa8bebd3358b02990f0.exe
.exe windows:4 windows x86

bb759020fec80aae2b84b80af7ccb4f9

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:a1:23
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/08/2005, 07:22

Not After

27/08/2007, 09:22

Subject

CN=Gretech Corp.,OU=Service Development Biz.,O=Gretech Corp.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutGetNumDevs
mixerClose
mixerGetNumDevs
mixerGetLineControlsW
mixerOpen
mixerGetID
mixerGetLineInfoW
mixerGetDevCapsW
mixerSetControlDetails
mixerGetControlDetailsW

kernel32

HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
CompareStringA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetEnvironmentVariableA
GetModuleHandleW
CloseHandle
ReadFile
CreateFileW
LockResource
LoadResource
FindResourceW
GetFullPathNameW
SetHandleCount
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetVersionExA
lstrcpyW
GetProcAddress
CompareStringW
WaitForSingleObject
SetEvent
ResetEvent
GetLastError
CreateThread
WaitForMultipleObjects
GlobalFree
DeleteFileW
SetFilePointer
GlobalAlloc
DeviceIoControl
GetVersion
GetFileSize
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetFileType
SetStdHandle
ExitThread
RaiseException
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
IsBadReadPtr
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
lstrcatW
GetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoA
GetCurrentProcessId
GetStdHandle
CreateDirectoryW
GetPrivateProfileStringA
GetFileInformationByHandle
IsDBCSLeadByteEx
CreateFileA
CreateSemaphoreW
ReleaseSemaphore
GetSystemInfo
GetProfileStringA
GlobalAddAtomA
FindResourceA
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalSize
SetErrorMode
FindResourceExW
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
lstrcmpiA
GetCurrentThread
GetProfileIntW
GlobalGetAtomNameW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetTempFileNameW
lstrcmpiW
GetThreadLocale
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
SuspendThread
ResumeThread
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleA
FlushInstructionCache
VirtualProtect
SetLastError
lstrcpynW
FormatMessageW
lstrlenA
GetFileAttributesW
GetLogicalDrives
SetThreadPriority
InterlockedExchange
CreateEventW
GetACP
GetShortPathNameW
InterlockedDecrement
HeapDestroy
InterlockedIncrement
GlobalFindAtomW
SetPriorityClass
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
OpenProcess
Process32NextW
LoadLibraryA
SizeofResource
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
CopyFileW
GetLocaleInfoW
GetDriveTypeW
TerminateThread
GetCurrentThreadId
GlobalLock
GlobalUnlock
WinExec
MulDiv
SetCurrentDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetUserDefaultLCID
GetVersionExW
GetTempPathW
lstrcmpW
GetTickCount
Sleep
LoadLibraryW
GetModuleFileNameW
FreeLibrary
LocalAlloc
LocalFree
WriteFile
lstrlenW

user32

IsClipboardFormatAvailable
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
WindowFromPoint
wvsprintfW
MapDialogRect
GetAsyncKeyState
GetMessageW
ValidateRect
EndDialog
CreateDialogIndirectParamW
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
SetMenuItemBitmaps
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
WinHelpW
GetClassInfoW
GetMenuItemID
GetWindowTextLengthW
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
GetMessagePos
GetLastActivePopup
GetForegroundWindow
IsIconic
GetWindowPlacement
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
SetActiveWindow
DestroyIcon
AnimateWindow
SetLastErrorEx
MonitorFromRect
GetMonitorInfoW
RegisterClassExW
CreateWindowExW
DrawIcon
RemovePropW
GetPropA
DialogBoxIndirectParamW
AttachThreadInput
ShowOwnedPopups
LoadCursorFromFileW
GetClassLongW
SetClassLongW
CallWindowProcW
UnregisterHotKey
MapWindowPoints
LoadStringW
CharNextW
EnumWindows
GetWindowTextW
SendMessageTimeoutW
SetWindowTextW
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
SubtractRect
DestroyWindow
SetParent
TrackPopupMenu
DestroyMenu
ExitWindowsEx
EqualRect
ChangeDisplaySettingsW
ShowCursor
MessageBeep
ShowWindow
GetActiveWindow
IsChild
CreatePopupMenu
SetMenuItemInfoW
EnableMenuItem
ModifyMenuW
GetMenuStringW
SetWindowContextHelpId
RegisterClipboardFormatW
GetClassNameW
GetSysColorBrush
CopyAcceleratorTableW
GetWindowThreadProcessId
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
SetPropA
CheckMenuRadioItem
AppendMenuW
GetMenuItemCount
CheckMenuItem
DeleteMenu
RemoveMenu
InsertMenuW
IsWindowVisible
ScreenToClient
GetDoubleClickTime
GetCursorPos
LoadAcceleratorsW
SetForegroundWindow
PostThreadMessageW
DestroyCursor
InvalidateRgn
CreateAcceleratorTableW
GetClassInfoExW
PostQuitMessage
IntersectRect
SetMenu
FindWindowW
SetCursor
RedrawWindow
GetFocus
IsWindowEnabled
SetFocus
GetWindow
GetCapture
UpdateWindow
GetKeyState
DrawTextA
GetNextDlgTabItem
PtInRect
SetCapture
ReleaseCapture
SetRectEmpty
DrawFrameControl
DrawEdge
GetWindowDC
DrawFocusRect
GetSysColor
LoadMenuW
GetSubMenu
wsprintfA
MoveWindow
IsWindow
GetDlgItem
LoadIconW
DrawTextW
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowExW
SetWindowRgn
PostMessageW
MessageBoxW
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
EnableWindow
GetParent
SendMessageW
KillTimer
CopyRect
FillRect
IsRectEmpty
SetTimer
EnumDisplaySettingsW
InvalidateRect
DefWindowProcW
LoadCursorW
RegisterClassW
OffsetRect
InflateRect
UnionRect
RegisterWindowMessageW
CharUpperW
wsprintfW
GetClientRect
ClientToScreen
GetSystemMetrics
GetDC
ReleaseDC
LoadImageW
GetWindowLongW
SetWindowLongW
SetRect
GetMenu
AdjustWindowRectEx
SetWindowPos
SystemParametersInfoW
GetWindowRect
SetWindowLongA
GetClassNameA
IsWindowUnicode
SendMessageA
GetWindowLongA
SetWindowsHookExA
RemovePropA
CallWindowProcA
CharNextA
DefWindowProcA
DefDlgProcA
GetMessageTime
GetClassInfoA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
EndPath
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
CreatePatternBrush
PtVisible
RectVisible
Escape
CreateBitmap
GetMapMode
PatBlt
SetRectRgn
SetWindowOrgEx
GetTextColor
GetTextMetricsW
StretchDIBits
GetCharWidthW
LPtoDP
CopyMetaFileW
GetPath
AbortPath
BeginPath
TextOutA
GetTextExtentPoint32A
CreateFontA
GetRegionData
GetClipBox
GetCurrentObject
CreateFontIndirectW
CreateCompatibleBitmap
PtInRegion
CreatePolygonRgn
FrameRgn
Rectangle
Polygon
EnumFontFamiliesExW
CreateSolidBrush
DeleteObject
GetObjectW
GetTextExtentPoint32W
SelectObject
DeleteDC
StretchBlt
CreateCompatibleDC
TextOutW
SetTextColor
SetBkColor
CreateFontW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SaveDC
CreatePen
RestoreDC
ExtTextOutW
FillRgn
DPtoLP
CloseFigure
SetBkMode
GetStockObject
BitBlt
CreateRectRgn
GetBkColor
CreateDIBitmap
GetTextExtentPointA
ExtTextOutA
GetDIBColorTable
CreateDIBSection
OffsetRgn
ExtCreateRegion
CreateEllipticRgn
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
SetTextCharacterExtra

comdlg32

GetFileTitleW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetFileSecurityW
SetFileSecurityW
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EqualSid

shell32

Shell_NotifyIconW
DragAcceptFiles
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
DragQueryPoint
DragQueryFileW
DragFinish
ShellExecuteW

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_Create
ImageList_Destroy
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17
ImageList_Draw
ImageList_AddMasked

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
CLSIDFromProgID
OleGetClipboard
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
OleSetContainedObject
OleCreate
OleLockRunning
RegisterDragDrop
CoRevokeClassObject
OleUninitialize
OleInitialize
CoRegisterClassObject
CoCreateGuid
CoUninitialize
OleLoadFromStream
StgOpenStorage
StgCreateDocfile
OleSaveToStream
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CoLoadLibrary
CoFreeLibrary
CreateBindCtx
MkParseDisplayName
OleIsCurrentClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleDuplicateData
StringFromCLSID
CoRegisterMessageFilter
OleFlushClipboard
CoInitialize

olepro32

ord251
ord253

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
OleLoadPicturePath
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VariantCopy
VariantChangeType
VariantTimeToSystemTime

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

wininet

InternetSetCookieW
InternetSetOptionW
InternetCrackUrlA
InternetCreateUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetAttemptConnect
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
InternetCrackUrlW

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 228KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GOMSH
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb759020fec80aae2b84b80af7ccb4f9

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:a1:23Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

setupapi

wininet

imm32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 316KB - Virtual size: 312KB

.data Size: 228KB - Virtual size: 330KB

.GOMSH Size: 4KB - Virtual size: 12B

.rsrc Size: 308KB - Virtual size: 380KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:a1:23
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 316KB - Virtual size: 312KB

.data
Size: 228KB - Virtual size: 330KB

.GOMSH
Size: 4KB - Virtual size: 12B

.rsrc
Size: 308KB - Virtual size: 380KB