NEAS[.]1468be27568a8e91e2d0117bf6538b00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1468be27568a8e91e2d0117bf6538b00.exe
Size

2.0MB
MD5

1468be27568a8e91e2d0117bf6538b00
SHA1

ca7a6931056900ab80b02a3dae76bff6ca86f913
SHA256

6eaf3672c93a8230983ff9f199d5a714fc93084e88bc255b0cc6bb4a4cc59466
SHA512

7fd17ef9c4db336c1d0b0e39ce656730b495228dc2fc8d273cc12739dd8809df9d6d7f5636271d3518a7d71ddca078e3ed7502ff691262dc2db6ad2dc75e60a2
SSDEEP

24576:9lpbbaFHcmPv4ENuV7hwFVZnLxm9EuO4kTnEm3:XpbeFHcCvLNKknLF1Tx3

Score

1^/10

Malware Config

Signatures

Files

NEAS.1468be27568a8e91e2d0117bf6538b00.exe
.dll windows:5 windows x64

ccf77463ed8530fb1d1785429ae3d1a2

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:b2:b5:18:a6:4a:e9:23:a4:0b:33:7f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/06/2020, 14:49

Not After

26/06/2022, 14:49

Subject

CN=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:04:d3:2e:74:fc:47:2b:66:c0:8a:38
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/05/2022, 08:44

Not After

06/05/2024, 08:44

Subject

SERIALNUMBER=1027700229193,CN=YANDEX LLC,O=YANDEX LLC,STREET=Leo Tolstoy street\, 16,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:5b:19:7e:26:b7:d2:9a:58:05:0f:c9:da:4b:16:fb:d1:4c:c6:eb:3a:b4:96:2f:94:cf:94:85:50:be:1f:6a
Signer

Actual PE Digest

ed:5b:19:7e:26:b7:d2:9a:58:05:0f:c9:da:4b:16:fb:d1:4c:c6:eb:3a:b4:96:2f:94:cf:94:85:50:be:1f:6a

Digest Algorithm

sha256

PE Digest Matches

true

7c:0b:1d:c7:8a:99:b2:74:87:0e:b8:03:88:6c:79:9d:53:2d:fa:48
Signer

Actual PE Digest

7c:0b:1d:c7:8a:99:b2:74:87:0e:b8:03:88:6c:79:9d:53:2d:fa:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateProcessW
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueTimer
DisableThreadLibraryCalls
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlsAlloc
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockResource
Module32FirstW
Module32NextW
MultiByteToWideChar
OpenThread
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenW

user32

AllowSetForegroundWindow
AppendMenuW
BeginPaint
CallNextHookEx
CallWindowProcW
ClientToScreen
CopyRect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DrawTextW
EndMenu
EndPaint
EqualRect
FillRect
FindWindowExW
GetAncestor
GetCaretPos
GetClassInfoExW
GetClassLongPtrW
GetClassLongW
GetClientRect
GetCursorPos
GetDC
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetKeyState
GetLastInputInfo
GetMonitorInfoW
GetParent
GetSysColor
GetSystemMetrics
GetWindowDC
GetWindowLongPtrW
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
InflateRect
IntersectRect
InvalidateRect
IsRectEmpty
IsWindow
IsWindowVisible
KillTimer
LoadCursorW
LoadStringW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
OffsetRect
PostMessageW
PtInRect
RegisterClassExW
ReleaseDC
ScreenToClient
SendMessageW
SetClassLongW
SetCursor
SetForegroundWindow
SetRectEmpty
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
TrackMouseEvent
TrackPopupMenu
UnhookWindowsHookEx
UnregisterClassW

ole32

CLSIDFromString
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleSaveToStream
ReadClassStm
StringFromGUID2
WriteClassStm

advapi32

ConvertSidToStringSidW
ConvertStringSidToSidW
CreateProcessAsUserW
DuplicateToken
EventRegister
EventUnregister
EventWrite
GetLengthSid
GetTokenInformation
GetUserNameW
IsValidSid
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetTokenInformation
SystemFunction036

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
ExcludeClipRect
ExtTextOutW
GetCurrentObject
GetDeviceCaps
GetObjectW
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx

oleaut32

SysAllocString
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantChangeType
VariantClear
VariantInit

shell32

CommandLineToArgvW
SHAppBarMessage
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteExW

gdiplus

GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipFillRectangleI
GdipFree
GdipGetDC
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipReleaseDC
GdipSetImageAttributesColorMatrix
GdipSetInterpolationMode
GdiplusShutdown
GdiplusStartup

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

uxtheme

BeginBufferedPaint
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
DrawThemeTextEx
EndBufferedPaint
GetThemeInt
OpenThemeData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winmm

timeGetTime

shlwapi

ord176

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetHandleVerifier
InstallHooks
UninstallHooks

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 72B

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccf77463ed8530fb1d1785429ae3d1a2

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

2b:b2:b5:18:a6:4a:e9:23:a4:0b:33:7fCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:04:d3:2e:74:fc:47:2b:66:c0:8a:38Certificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

ed:5b:19:7e:26:b7:d2:9a:58:05:0f:c9:da:4b:16:fb:d1:4c:c6:eb:3a:b4:96:2f:94:cf:94:85:50:be:1f:6aSigner

7c:0b:1d:c7:8a:99:b2:74:87:0e:b8:03:88:6c:79:9d:53:2d:fa:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

advapi32

gdi32

oleaut32

shell32

gdiplus

winhttp

version

uxtheme

userenv

winmm

shlwapi

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 288KB - Virtual size: 287KB

.data Size: 38KB - Virtual size: 71KB

.pdata Size: 32KB - Virtual size: 32KB

.00cfg Size: 512B - Virtual size: 40B

.retplne Size: 512B - Virtual size: 72B

.rodata Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 297B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 6KB - Virtual size: 5KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

2b:b2:b5:18:a6:4a:e9:23:a4:0b:33:7f
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:04:d3:2e:74:fc:47:2b:66:c0:8a:38
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

ed:5b:19:7e:26:b7:d2:9a:58:05:0f:c9:da:4b:16:fb:d1:4c:c6:eb:3a:b4:96:2f:94:cf:94:85:50:be:1f:6a
Signer

7c:0b:1d:c7:8a:99:b2:74:87:0e:b8:03:88:6c:79:9d:53:2d:fa:48
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 288KB - Virtual size: 287KB

.data
Size: 38KB - Virtual size: 71KB

.pdata
Size: 32KB - Virtual size: 32KB

.00cfg
Size: 512B - Virtual size: 40B

.retplne
Size: 512B - Virtual size: 72B

.rodata
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 297B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 6KB - Virtual size: 5KB