NEAS[.]34e9bd2c3890f8043694bd2de3275090[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.34e9bd2c3890f8043694bd2de3275090.exe
Size

621KB
MD5

34e9bd2c3890f8043694bd2de3275090
SHA1

f54945ab971d1e0446bb2760468bb3bc34201f53
SHA256

71f84daa41b20b713ab513f08d419fa0efde11885fba6e879cee25bb0bb5e5c8
SHA512

5c7c85859da13d372e3e32f5cac5cc12580b299d378bda0f996005fe43963efe4b89d4ff67514e2e28317617bb8c666f584f25e3c2810a5ac9d5ee2c636717af
SSDEEP

6144:lEj/kQBeEn+Iu5INfj76tBziU2AKSmX3J1cORHhgx7Cj3yxllcUFA:Wj81Z8jGtBb2AYjKA

Score

1^/10

Malware Config

Signatures

Files

NEAS.34e9bd2c3890f8043694bd2de3275090.exe
.exe windows:4 windows x86

7cb9344f6c83f927572c64fc9b2fd4bb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:f6:53:72:4f:7e:a5:a6:2c:63:11:1a:89:b5:67:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-05-2008 00:00

Not After

13-05-2009 23:59

Subject

CN=RICOH Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Management Division,O=RICOH Company Limited,L=1-3-6 Nakamagome Ohta-Ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:fa:c4:01:bd:48:94:c4:f0:b0:3a:19:08:b6:99:f3:8f:dc:ee:89
Signer

Actual PE Digest

62:fa:c4:01:bd:48:94:c4:f0:b0:3a:19:08:b6:99:f3:8f:dc:ee:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpdiapi

ord12
ord13
ord74
ord72
ord81
ord73
ord75
ord68
ord2
ord82
ord3
ord53
ord65
ord69
ord60
ord18
ord19
ord9
ord10
ord11
ord67
ord71
ord16
ord80
ord14
ord15
ord30
ord70
ord52
ord40
ord66
ord4
ord5
ord6
ord22
ord23
ord31
ord20
ord76

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetVolumeInformationA
GetStringTypeExA
GetThreadLocale
GetFileSize
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
GetStartupInfoA
GetCommandLineA
RaiseException
InitializeCriticalSection
SetStdHandle
GetFileType
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GlobalAlloc
GetCurrentThread
lstrcpynA
LocalFree
GlobalFree
MultiByteToWideChar
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FindResourceA
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetShortPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrcmpA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetProfileStringA
GetFileAttributesA
SetFileAttributesA
GetLocalTime
GetTempPathA
FindFirstFileA
FindClose
Sleep
InterlockedDecrement
OpenMutexA
CloseHandle
CreateMutexA
InterlockedIncrement
GetModuleFileNameA
DeleteFileA
FindResourceExA
SizeofResource
LoadResource
LockResource
WideCharToMultiByte
GetSystemDefaultLangID
lstrlenA
GetVersionExA
GetLastError
FormatMessageA
GetTickCount
HeapAlloc

user32

DrawTextA
GrayStringA
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
GetDesktopWindow
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
ShowOwnedPopups
LoadStringA
InflateRect
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyIcon
CharUpperA
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
TabbedTextOutA
GetTopWindow
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
SendMessageA
ScreenToClient
GetMessagePos
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
GetWindowPlacement
CopyRect
GetDC
ReleaseDC
IsWindow
GetLastActivePopup
FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
MessageBoxA
GetWindowRect
GetClientRect
GetSystemMetrics
GetDlgItem
InvalidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
UpdateWindow
DestroyMenu
SetMenuItemInfoA
PeekMessageA
PostMessageA
KillTimer
GetSystemMenu
GetMenuItemInfoA
SetTimer
EnableWindow
LoadBitmapA
IsWindowUnicode
CallNextHookEx

gdi32

IntersectClipRect
DeleteObject
ScaleWindowExtEx
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
PatBlt

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
EnumPortsA
AddPortA

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
GetFileSecurityA
SetFileSecurityA
RegDeleteKeyA

shell32

ExtractIconA
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cb9344f6c83f927572c64fc9b2fd4bb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

53:f6:53:72:4f:7e:a5:a6:2c:63:11:1a:89:b5:67:b4Certificate

Extended Key Usages

Key Usages

62:fa:c4:01:bd:48:94:c4:f0:b0:3a:19:08:b6:99:f3:8f:dc:ee:89Signer

Headers

File Characteristics

Imports

rpdiapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 264KB - Virtual size: 260KB

.sdata Size: 4KB - Virtual size: 8B

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 272KB - Virtual size: 270KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

53:f6:53:72:4f:7e:a5:a6:2c:63:11:1a:89:b5:67:b4
Certificate

62:fa:c4:01:bd:48:94:c4:f0:b0:3a:19:08:b6:99:f3:8f:dc:ee:89
Signer

.text
Size: 264KB - Virtual size: 260KB

.sdata
Size: 4KB - Virtual size: 8B

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 272KB - Virtual size: 270KB