NEAS[.]9a3165953a9a599dcb36c6ec053bba50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9a3165953a9a599dcb36c6ec053bba50.exe
Size

1.1MB
MD5

9a3165953a9a599dcb36c6ec053bba50
SHA1

46c61a9b4037370d666695278f975d31a6759269
SHA256

dfb5af6737f5579cc67e03c023f2d6472cdaafc3be702336fc15ed5103e51d29
SHA512

1f98c8f5d9ee713089b5ea3a4f7b6698d5659f4993fcd944a949a709d7bd61b7a24e044d5848934e18ad650c0456b9d279ff46847db804a10e5383628b021039
SSDEEP

24576:eNyxoaZXN4gmfd5dQrmHOrgu8kjwzwxXfWgtgV2aIa7FCrEH7g:eQ3ZXSrfdgrmHOsu8kkcxXfWugVRIa7s

Score

1^/10

Malware Config

Signatures

Files

NEAS.9a3165953a9a599dcb36c6ec053bba50.exe
.dll windows:6 windows x86

2e5a8be7c4c08212451bcafa126f6941

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:4a:e4:b2:e0:c0:3d:b2:b9:db:bc:13:9c:ce:bb:81
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/09/2021, 00:00

Not After

07/10/2024, 23:59

Subject

SERIALNUMBER=110111-1707178,CN=NAVER Corp.,O=NAVER Corp.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:85:b6:5b:3a:ef:c8:e7:a8:a9:ea:99:4c:89:22:31:de:60:f6:3b
Signer

Actual PE Digest

b7:85:b6:5b:3a:ef:c8:e7:a8:a9:ea:99:4c:89:22:31:de:60:f6:3b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
HeapAlloc
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
GetProcessHeap
VerifyVersionInfoW
TlsGetValue
TlsFree
CreateIoCompletionPort
LocalAlloc
lstrcmpA
LocalFree
CreateFileW
UnmapViewOfFile
RaiseException
DecodePointer
CreateFileMappingW
MapViewOfFile
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetStdHandle
WaitForSingleObjectEx
GetSystemTimeAsFileTime
LeaveCriticalSection
ReadFile
WriteFile
CreateEventW
SleepEx
CreateWaitableTimerW
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
SetEndOfFile
SetStdHandle
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
WaitForMultipleObjects
EnterCriticalSection
SetLastError
HeapFree
TlsSetValue
CreateEventA
GetModuleFileNameW
FormatMessageA
GetStringTypeW
SwitchToThread
GetTickCount
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
Sleep
GetCurrentProcessId
GetCurrentThreadId
ResetEvent
GetModuleHandleA
ResumeThread
CreateWaitableTimerA
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
WriteConsoleW

user32

UnregisterClassW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
RegisterClassW

ws2_32

WSASetLastError
WSARecv
bind
WSASend
WSAGetLastError
WSACleanup
WSAStartup
shutdown
closesocket
freeaddrinfo
getaddrinfo
WSASocketW
setsockopt
listen
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptDecodeObject
CryptMsgClose

Exports

Exports

CheckCodeSignValidationA
CheckCodeSignValidationW
InitCommonProxyA
InitCommonProxyW
SendProxyMessage
UnInitCommonProxy

Sections

.text
Size: 803KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e5a8be7c4c08212451bcafa126f6941

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0b:4a:e4:b2:e0:c0:3d:b2:b9:db:bc:13:9c:ce:bb:81Certificate

Extended Key Usages

Key Usages

b7:85:b6:5b:3a:ef:c8:e7:a8:a9:ea:99:4c:89:22:31:de:60:f6:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

mswsock

crypt32

Exports

Exports

Sections

.text Size: 803KB - Virtual size: 803KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0b:4a:e4:b2:e0:c0:3d:b2:b9:db:bc:13:9c:ce:bb:81
Certificate

b7:85:b6:5b:3a:ef:c8:e7:a8:a9:ea:99:4c:89:22:31:de:60:f6:3b
Signer

.text
Size: 803KB - Virtual size: 803KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB