NEAS[.]64077415fd474aba0f22bd905747a6f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.64077415fd474aba0f22bd905747a6f0.exe
Size

389KB
MD5

64077415fd474aba0f22bd905747a6f0
SHA1

9e569dc48b0827fb763ba64c5caf6371086c434a
SHA256

10295aa07f49339534029dc8c8e171aecac86c90fb75150df8453d3bb5b54341
SHA512

972bbeb68fb30b9bde9cb9fcb4e2481cc0a8043090d7fdb9594338339b4b578656a1b181258a80616a455982e7a0a4065a621ff8dc7786401174153b7844a304
SSDEEP

6144:fd/OVo40LOYs2D2N8GnqSzZXgdhXmMEvNSqyTaZcKrYSkCGbk5zqcRrwC181wIbT:fd2VLoD2nXCNlCSqyTXoF4k5W+1CwIv

Score

1^/10

Malware Config

Signatures

Files

NEAS.64077415fd474aba0f22bd905747a6f0.exe
.dll windows:4 windows x86

9cb9c7b6a4d0beab81a932b3f1b67cd9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:aa:14:c2:01:dd:2c:40:30:b4:fe:57:59:d6:d0:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10/07/2007, 00:00

Not After

09/07/2008, 23:59

Subject

CN=Maxthon Asia Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Maxthon Asia Ltd,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:40:8d:d9:10:c7:bd:49:d0:64:00:c4:a1:d5:4a:91:f2:81:0c:be
Signer

Actual PE Digest

b4:40:8d:d9:10:c7:bd:49:d0:64:00:c4:a1:d5:4a:91:f2:81:0c:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
GetLastError
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
LockFile
LockFileEx
UnlockFile
CreateFileA
CreateFileW
GetFileAttributesA
GetFileAttributesW
WideCharToMultiByte
DeleteFileW
GetTempPathA
GetTempPathW
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
LoadLibraryW
FormatMessageA
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetSystemTime
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
MultiByteToWideChar
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DeleteCriticalSection
Sleep
InitializeCriticalSection
DeleteFileA
InterlockedIncrement
RtlUnwind
InterlockedDecrement
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetStringTypeA
GetStringTypeW
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptAcquireContextA
CryptDuplicateKey

Exports

Exports

?CreateMxDbObj@@YA_NPAK@Z
?DeleteMxDbObj@@YAXPAK@Z

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cb9c7b6a4d0beab81a932b3f1b67cd9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

58:aa:14:c2:01:dd:2c:40:30:b4:fe:57:59:d6:d0:cbCertificate

Extended Key Usages

Key Usages

b4:40:8d:d9:10:c7:bd:49:d0:64:00:c4:a1:d5:4a:91:f2:81:0c:beSigner

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.text1 Size: 4KB - Virtual size: 40B

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 14KB

.data1 Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

58:aa:14:c2:01:dd:2c:40:30:b4:fe:57:59:d6:d0:cb
Certificate

b4:40:8d:d9:10:c7:bd:49:d0:64:00:c4:a1:d5:4a:91:f2:81:0c:be
Signer

.text
Size: 304KB - Virtual size: 301KB

.text1
Size: 4KB - Virtual size: 40B

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 14KB

.data1
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 16KB - Virtual size: 12KB