NEAS[.]820e4eea405d9d0a73d99035b86aec50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.820e4eea405d9d0a73d99035b86aec50.exe
Size

989KB
MD5

820e4eea405d9d0a73d99035b86aec50
SHA1

10358615fdf9748d12e73ebdb0d019d3822f1bcc
SHA256

116ea01d1c57a1d2828da0e6ac53db9ed37315f9f139f9222da7ef96fea9b44b
SHA512

7fb8f3d90c48a018c804bda9ab7e7101506caec6a68978100618613fd64c1603c50f171f7fd7cf2a712955e47560bef70c86be14299908cd21e0c39bde616ed8
SSDEEP

24576:mlMKLlCV1kdiszul/inPqh36rRSAufzaK9TiSOYhIy:mlMKLlC/fL3ySlfGK9T1O6F

Score

1^/10

Malware Config

Signatures

Files

NEAS.820e4eea405d9d0a73d99035b86aec50.exe
.dll windows:4 windows x86

b6d711bcd706fce3a17cdb3ed5000f51

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:c1:5d:e8:ce:78:ab:62:1a:cb:c0:8d:aa:c2:35:17:89
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

11/08/2011, 10:38

Not After

11/08/2012, 10:38

Subject

CN=Star Spark (Beijing) Television Culture Communication Co.\, Ltd,O=Star Spark (Beijing) Television Culture Communication Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:33:4e:16:a1:e6:f5:07:bb:cc:e2:ef:60:92:6f:97:71:48:26:0e
Signer

Actual PE Digest

08:33:4e:16:a1:e6:f5:07:bb:cc:e2:ef:60:92:6f:97:71:48:26:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetConnectW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
InternetGetConnectedState
InternetOpenW

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
lstrlenW
WritePrivateProfileStringW
WaitForSingleObject
WaitForMultipleObjects
SetEvent
DeleteFileW
CreateEventW
CreateDirectoryW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetLastError
SetFilePointer
CreateFileW
CloseHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
MultiByteToWideChar
GetACP
WideCharToMultiByte
GetFileAttributesW
SetFileTime
WriteFile
GetSystemTime
GetSystemInfo
CreateMutexW
ResetEvent
GetCurrentThreadId
Sleep
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcAddress
LoadLibraryW
TlsAlloc
SetEnvironmentVariableW
TlsFree
GetEnvironmentVariableW
FreeLibrary
GetModuleHandleW
TlsGetValue
TlsSetValue
SetFileAttributesW
GetDriveTypeW
GetPrivateProfileStringW
GetFileSize
RemoveDirectoryW
FormatMessageW
LocalFree
FormatMessageA
LoadLibraryA
GetDiskFreeSpaceW
InitializeCriticalSection
GetSystemTimeAsFileTime
InterlockedCompareExchange
AreFileApisANSI
HeapFree
GetProcessHeap
DeleteCriticalSection
InterlockedExchange
lstrcmpiW
lstrcatW
ReleaseMutex
CopyFileW
IsDebuggerPresent
SetEndOfFile
TerminateProcess
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetVersionExW
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingW
CreateFileA
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

wsprintfW

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
OleRun
CoInitialize

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

shlwapi

PathFindFileNameW
PathFileExistsW

msvcr80

wcscpy_s
??_V@YAXPAX@Z
_wtof
fwrite
_wremove
_itow
calloc
free
strcmp
malloc
strlen
wcscat
wcslen
wcscpy
wcsstr
wcsncpy
strcpy
wcstombs
setlocale
mbstowcs
memmove_s
sprintf
_vswprintf
fopen
fread
_wtoi
_swprintf
wcstol
_vswprintf_c_l
_time64
strncmp
_localtime64_s
realloc
memcmp
memmove
atoi
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcsrchr
_endthreadex
_beginthreadex
_wtol
swprintf_s
memcpy
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
_purecall
wcscat_s
_wfopen
fclose
clearerr
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
feof
ftell
fprintf
_fdopen
_errno
ferror
_vsnprintf
fflush
fseek
fputc
strcat
strerror
memset

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePluginInstance

Sections

.text
Size: 804KB - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6d711bcd706fce3a17cdb3ed5000f51

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:c1:5d:e8:ce:78:ab:62:1a:cb:c0:8d:aa:c2:35:17:89Certificate

Extended Key Usages

Key Usages

08:33:4e:16:a1:e6:f5:07:bb:cc:e2:ef:60:92:6f:97:71:48:26:0eSigner

Headers

File Characteristics

Imports

wininet

kernel32

user32

shell32

ole32

oleaut32

msvcp80

shlwapi

msvcr80

advapi32

iphlpapi

Exports

Exports

Sections

.text Size: 804KB - Virtual size: 800KB

.rdata Size: 108KB - Virtual size: 105KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 36KB - Virtual size: 34KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:c1:5d:e8:ce:78:ab:62:1a:cb:c0:8d:aa:c2:35:17:89
Certificate

08:33:4e:16:a1:e6:f5:07:bb:cc:e2:ef:60:92:6f:97:71:48:26:0e
Signer

.text
Size: 804KB - Virtual size: 800KB

.rdata
Size: 108KB - Virtual size: 105KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 36KB - Virtual size: 34KB