NEAS[.]789172989294466ae3db3138af034d20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.789172989294466ae3db3138af034d20.exe
Size

2.6MB
MD5

789172989294466ae3db3138af034d20
SHA1

cb2e0224ef8eaa68142ace82a1b6b5a75fc48a8c
SHA256

9db932ead3770165112205e14aee3442e0f5de70afb337cf0c4d81870afab4bf
SHA512

bda15d320419c55287416902e1fe5db756d87137414ff017178f023d92908cd17639d1b692d4316bef774d3a3d1d9bd7158c7463f8ad266d455b88a0dedf3658
SSDEEP

49152:K6wJLtAusHRFQ/QnVXE6C6JH5rdVI7crYp9ACNrPIW+gnt+C:KdSusHTtVxHxdK7crC7rgCnt+C

Score

1^/10

Malware Config

Signatures

Files

NEAS.789172989294466ae3db3138af034d20.exe
.dll windows:5 windows x86

7783f20ae15f3feb3e8abd18b489b322

Code Sign

33:00:00:02:38:91:cb:4c:c7:11:fd:cd:05:00:00:00:00:02:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:07

Not After

08/08/2019, 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:cb:5f:0a:4f:56:66:1e:bd:e1:5b:68:8f:e6:83:7a:13:0d:04:c6:3d:d4:b2:88:31:61:b9:9f:3d:33:16:c1
Signer

Actual PE Digest

61:cb:5f:0a:4f:56:66:1e:bd:e1:5b:68:8f:e6:83:7a:13:0d:04:c6:3d:d4:b2:88:31:61:b9:9f:3d:33:16:c1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetQueuedCompletionStatus
LocalFileTimeToFileTime
GlobalMemoryStatusEx
GetThreadPriority
GetBinaryTypeA
GetCurrentProcess
PostQueuedCompletionStatus
UnregisterWaitEx
SwitchToThread
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LocalFlags
LocalLock
GetModuleHandleA
GetCurrentActCtx
GetExitCodeProcess
WaitForSingleObjectEx
CreateNamedPipeA
InterlockedPushEntrySList
SetCommMask
GetLargestConsoleWindowSize

shell32

SHEnumerateUnreadMailAccountsW

setupapi

CM_Get_Res_Des_Data_Size
CM_Locate_DevNodeW
SetupDiSetClassInstallParamsA

iphlpapi

GetIfTable
Icmp6ParseReplies

msvcrt

fwprintf
putc
memset
isupper

winmm

mmioOpenW

wintrust

CryptCATStoreFromHandle
WinVerifyTrustEx
WintrustAddActionID

secur32

EncryptMessage

rpcrt4

I_RpcBindingIsClientLocal
NdrUserMarshalBufferSize
NdrClientInitializeNew
RpcStringFreeW

esent

JetCloseDatabase

ole32

CoCancelCall
CoEnableCallCancellation
CoCreateInstance
CoDosDateTimeToFileTime
CoAllowSetForegroundWindow

gdi32

SetBitmapDimensionEx
CombineRgn
SetBrushOrgEx
MaskBlt
GetWindowExtEx
GetCurrentPositionEx
SelectPalette

winspool.drv

AddJobW

wininet

InternetQueryDataAvailable

ntdsapi

DsBindW

advapi32

RegOpenCurrentUser
InitiateSystemShutdownW

ws2_32

select

oleaut32

SysAllocStringByteLen
SysReAllocString

shlwapi

ColorHLSToRGB

user32

DialogBoxIndirectParamW
SendDlgItemMessageW
RemovePropW
CreateIconFromResourceEx
TrackPopupMenuEx
GetClipCursor
PaintDesktop
PostQuitMessage
GetUpdateRgn
WindowFromPoint
ToUnicodeEx
MonitorFromPoint
CreateWindowExA
GetQueueStatus
ScreenToClient

Exports

Exports

TaretxopnnevnNtitx

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2*s+PkG
Size: 568KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5QwK*98
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dkx
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7Hoy
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7783f20ae15f3feb3e8abd18b489b322

Code Sign

33:00:00:02:38:91:cb:4c:c7:11:fd:cd:05:00:00:00:00:02:38Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

61:cb:5f:0a:4f:56:66:1e:bd:e1:5b:68:8f:e6:83:7a:13:0d:04:c6:3d:d4:b2:88:31:61:b9:9f:3d:33:16:c1Signer

Headers

File Characteristics

Imports

kernel32

shell32

setupapi

iphlpapi

msvcrt

winmm

wintrust

secur32

rpcrt4

esent

ole32

gdi32

winspool.drv

wininet

ntdsapi

advapi32

ws2_32

oleaut32

shlwapi

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1.1MB - Virtual size: 1.1MB

2*s+PkG Size: 568KB - Virtual size: 564KB

5QwK*98 Size: 336KB - Virtual size: 335KB

dkx Size: 100KB - Virtual size: 96KB

7Hoy Size: 320KB - Virtual size: 318KB

H Size: 196KB - Virtual size: 193KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

33:00:00:02:38:91:cb:4c:c7:11:fd:cd:05:00:00:00:00:02:38
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

61:cb:5f:0a:4f:56:66:1e:bd:e1:5b:68:8f:e6:83:7a:13:0d:04:c6:3d:d4:b2:88:31:61:b9:9f:3d:33:16:c1
Signer

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1.1MB - Virtual size: 1.1MB

2*s+PkG
Size: 568KB - Virtual size: 564KB

5QwK*98
Size: 336KB - Virtual size: 335KB

dkx
Size: 100KB - Virtual size: 96KB

7Hoy
Size: 320KB - Virtual size: 318KB

H
Size: 196KB - Virtual size: 193KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB