NEAS[.]3531492da72e538910fff3c337674d10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3531492da72e538910fff3c337674d10.exe
Size

91KB
MD5

3531492da72e538910fff3c337674d10
SHA1

55cd2c533471f23e933875681bc2647553ead80c
SHA256

9b6d1312392dd5b5eb976c5166f346692dfbadc970917d28416c39188de1198e
SHA512

4c4eb15078671f8bb919687c184c235129590001e77474e817e6f8840e5fd115dcc9120930489be4f5587a3dc2e2851a3775c59e5b87bd33bd9c867b25fcff60
SSDEEP

1536:GqYU0soU/MJOCOi/pPr32cHLVB/pPr32cHLVz5n:GpU0sN+OCOvcHLscHLBx

Score

1^/10

Malware Config

Signatures

Files

NEAS.3531492da72e538910fff3c337674d10.exe
.exe windows:5 windows x86

deb15741e8726d12107a7895c603acca

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:7a:e8:22:10:9c:dd:9f:9f:b7:61:2f:fb:23:74:6a:fc:28:93:d1
Signer

Actual PE Digest

99:7a:e8:22:10:9c:dd:9f:9f:b7:61:2f:fb:23:74:6a:fc:28:93:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
GetCurrentProcessId
LocalFree
lstrlenA
MultiByteToWideChar
GetLastError
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedExchange
InterlockedDecrement
Sleep

user32

SetWindowLongA
UpdateWindow
DestroyWindow
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
KillTimer
SendMessageA
GetDC
ReleaseDC
EqualRect
GetParent
GetWindowDC
UpdateLayeredWindow
InvalidateRect
GetSystemMetrics
GetForegroundWindow
ShowWindow
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
IsWindow
SystemParametersInfoA
LoadAcceleratorsA
LoadStringA
PostMessageA
SetWindowPos
GetWindowRect

gdi32

DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps
BitBlt
DeleteObject

ole32

OleDraw
OleCreate
CoCreateInstance
OleUninitialize
OleInitialize
OleSetContainedObject

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
VariantClear

kwlib

?GetUserID@UserId@KwLib@@YA_NQADH@Z
?Tokenize@StringUtility@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

kwmodconfig

AfxGetConfigManager

msvcr90

_onexit
_decode_pointer
_lock
_encode_pointer
__dllonexit
_unlock
_crt_debugger_hook
_controlfp_s
_invoke_watson
memset
_CxxThrowException
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
??3@YAXPAX@Z
??2@YAPAXI@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_purecall
free
malloc
_amsg_exit

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

deb15741e8726d12107a7895c603acca

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

99:7a:e8:22:10:9c:dd:9f:9f:b7:61:2f:fb:23:74:6a:fc:28:93:d1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

kwlib

msvcp90

kwmodconfig

msvcr90

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

SHARED Size: 512B - Virtual size: 4B

.rsrc Size: 62KB - Virtual size: 136KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

99:7a:e8:22:10:9c:dd:9f:9f:b7:61:2f:fb:23:74:6a:fc:28:93:d1
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

SHARED
Size: 512B - Virtual size: 4B

.rsrc
Size: 62KB - Virtual size: 136KB