NEAS[.]2e4203742554480291899af47be6b190[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2e4203742554480291899af47be6b190.exe
Size

87KB
MD5

2e4203742554480291899af47be6b190
SHA1

16d0ecabff04788499ab4ad16617d11467e75dba
SHA256

39c53344f9f1ab1f7bb0be9b6235f31a3ad581de7dbb8a9568b00c556b197d16
SHA512

32ccc2329165da7e4a26bd2db9ccf1510ec2f72cb4c9fc9d9d90b881545231c72bebcf061a52c77760301f7021efb01d196307923a6f325b3f625e4f3ce06d85
SSDEEP

1536:PKEU7fD3lCaDxS9Eii0n0UumRcyPzelfsGmAiYG0Q+8iA:U7fblb0Ck6lfs7XYSD

Score

1^/10

Malware Config

Signatures

Files

NEAS.2e4203742554480291899af47be6b190.exe
.exe windows:4 windows x86

67fcc800bd0db19f3526a2367fd90595

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

07/12/2020, 06:34

Not After

08/12/2022, 06:34

Subject

SERIALNUMBER=53635609,CN=CREATING CLOUD TECHNOLOGY CO.\, LTD,O=CREATING CLOUD TECHNOLOGY CO.\, LTD,STREET=16F.-3\, No. 925\, Sec. 4\, Taiwan Blvd.\, Xitun Dist.,L=Taichung,ST=Taichung,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

07/12/2020, 06:34

Not After

08/12/2022, 06:34

Subject

SERIALNUMBER=53635609,CN=CREATING CLOUD TECHNOLOGY CO.\, LTD,O=CREATING CLOUD TECHNOLOGY CO.\, LTD,STREET=16F.-3\, No. 925\, Sec. 4\, Taiwan Blvd.\, Xitun Dist.,L=Taichung,ST=Taichung,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:7a:1f:3b:31:c5:a9:cc:a7:8e:e6:ea:95:b7:77:74:73:d3:7c:3c:24:c4:28:18:0e:73:63:59:6f:4d:5e:3f
Signer

Actual PE Digest

38:7a:1f:3b:31:c5:a9:cc:a7:8e:e6:ea:95:b7:77:74:73:d3:7c:3c:24:c4:28:18:0e:73:63:59:6f:4d:5e:3f

Digest Algorithm

sha256

PE Digest Matches

true

f2:c4:53:ad:d1:f1:22:27:f3:9d:1f:c7:e3:eb:73:50:1b:01:af:f7
Signer

Actual PE Digest

f2:c4:53:ad:d1:f1:22:27:f3:9d:1f:c7:e3:eb:73:50:1b:01:af:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcmpiA
SetCurrentDirectoryA
GetCurrentDirectoryA
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
lstrcatA
WaitForSingleObject
OpenProcess
ReadFile
DeleteFileA
GetFileSize
SetEnvironmentVariableA
GetLastError
FindFirstFileA
lstrlenA
GlobalAlloc
GetModuleFileNameA
HeapAlloc
GetProcessHeap
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
LocalFree
GetExitCodeProcess
ResumeThread
DeviceIoControl
GetCurrentProcessId
SearchPathA
SetLastError
ExitProcess
lstrcpynA
lstrcmpA
lstrcpyA
CreateProcessA
FindNextFileA
GetEnvironmentVariableA
FindClose
GetStringTypeA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
SetEndOfFile
GetOEMCP
WriteProcessMemory
VirtualProtectEx
GetModuleHandleA
SetThreadContext
FlushInstructionCache
GetThreadContext
SuspendThread
RtlUnwind
HeapFree
HeapReAlloc
MoveFileA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCPInfo
GetACP

advapi32

OpenProcessToken
LookupAccountSidA
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation

shell32

SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

shlwapi

PathFileExistsA
PathAppendA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67fcc800bd0db19f3526a2367fd90595

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4dCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

38:7a:1f:3b:31:c5:a9:cc:a7:8e:e6:ea:95:b7:77:74:73:d3:7c:3c:24:c4:28:18:0e:73:63:59:6f:4d:5e:3fSigner

f2:c4:53:ad:d1:f1:22:27:f3:9d:1f:c7:e3:eb:73:50:1b:01:af:f7Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 16KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

6d:d4:db:70:7b:ae:c4:5b:2f:4f:f5:4d
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

38:7a:1f:3b:31:c5:a9:cc:a7:8e:e6:ea:95:b7:77:74:73:d3:7c:3c:24:c4:28:18:0e:73:63:59:6f:4d:5e:3f
Signer

f2:c4:53:ad:d1:f1:22:27:f3:9d:1f:c7:e3:eb:73:50:1b:01:af:f7
Signer

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 16KB