NEAS[.]8c0b869a414ebf4d49ae4808f487e240[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8c0b869a414ebf4d49ae4808f487e240.exe
Size

878KB
MD5

8c0b869a414ebf4d49ae4808f487e240
SHA1

dcd4d115629aefb5e0262cf24ff65f0ebee9d5a5
SHA256

1246db8bb96c0aa6ec6e1c3b8c7c8e229247f47e50056ac4b4a836219a96bd1d
SHA512

01de89115b00423c7be9e4c6d5b60e560e4e328c641e4774ed2de97be00e61fa69c3a95041a3a1ce40a6849527cc309ac22262910dd7cd9e7539456ee59923cd
SSDEEP

12288:bfZhYD/c+Kfq8n8Eldfg0KeXxD8hm/rYH1aw+jiPWfdQEBjvrEH73:Y0C8rgW58QjYH1aVyWyurEH73

Score

1^/10

Malware Config

Signatures

Files

NEAS.8c0b869a414ebf4d49ae4808f487e240.exe
.exe windows:5 windows x86

0cff4e28d7b9c17f95d68d3ffb69310c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/09/2009, 00:00

Not After

04/11/2012, 23:59

Subject

CN=Adobe Systems\, Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Acrobat Engineering,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:83:4d:40:8f:7e:38:e1:bc:35:bc:37:5b:2e:83:0a:7c:48:c6:e7
Signer

Actual PE Digest

dc:83:4d:40:8f:7e:38:e1:bc:35:bc:37:5b:2e:83:0a:7c:48:c6:e7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetFileAttributesW
GetVersionExW
GlobalAlloc
FindFirstFileW
FindNextFileW
GetLastError
FindClose
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
CreateProcessW
WideCharToMultiByte
GetFileAttributesA
GetShortPathNameW
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
Sleep
CloseHandle
ResetEvent
CreateEventW
SetLastError
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
LoadLibraryA
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalSize
CopyFileW
MoveFileW
DeleteFileW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
CreateFileW
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
InterlockedIncrement
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileSizeEx
GetFileTime
SetThreadPriority
ResumeThread
GetCurrentThreadId
SetEvent
SuspendThread
lstrcmpW
GlobalFlags
GlobalAddAtomW
GetModuleHandleA
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeW
ExitThread
CreateThread
GetStartupInfoW
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleFileNameW
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
GetFullPathNameA
CreateFileA
SetEnvironmentVariableA
GetSystemInfo
lstrcpyA
lstrlenA
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentDirectoryW
MultiByteToWideChar
SetCurrentDirectoryW
lstrlenW
GetConsoleCP

user32

TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
LoadIconW
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
InflateRect
GetMenuItemInfoW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetCursor
ShowOwnedPopups
DeleteMenu
SetRectEmpty
InvalidateRect
GetDialogBaseUnits
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
CopyRect
GetMenu
SetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
RegisterClassW
ScrollWindowEx
SetWindowLongW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
DestroyIcon
GetFocus
GetDesktopWindow
GetWindow
GetDlgCtrlID
PtInRect
SetWindowTextW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
CharUpperW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClassInfoExW
OffsetRect
GetClassInfoW
AdjustWindowRectEx
EqualRect
DeferWindowPos
RegisterWindowMessageW
CreateWindowExW
SystemParametersInfoW
MoveWindow
FindWindowExW
GetMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetActiveWindow
RegisterClassExW
GetWindowRect
GetParent
ScreenToClient
CreateDialogParamW
ShowWindow
SetClassLongW
SendDlgItemMessageW
GetScrollInfo
SetScrollInfo
SetWindowPlacement
FillRect
SetDlgItemTextW
DefWindowProcW
ClientToScreen
SetWindowPos
KillTimer
GetSystemMetrics
BeginPaint
GetSysColor
GetClientRect
DrawTextW
EndPaint
IsWindowVisible
DestroyWindow
FindWindowW
LoadStringW
LoadImageW
SendMessageW
WaitForInputIdle
EnumThreadWindows
GetClassNameW
IsWindow
GetForegroundWindow
SetTimer
LoadMenuW
GetCursorPos
GetSubMenu
SetForegroundWindow
TrackPopupMenu
DestroyMenu
PostMessageW
CheckMenuItem
CallWindowProcW

gdi32

SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowOrgEx
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SaveDC
RestoreDC
SetBkMode
SetViewportOrgEx
SetROP2
SetStretchBltMode
SetWindowExtEx
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
DeleteObject
CreateDCW
SetPolyFillMode
OffsetViewportOrgEx
StartDocW
GetBkColor
GetTextMetricsW
CreateCompatibleBitmap
StretchDIBits
CreateFontW
GetCharWidthW
GetTextExtentPoint32W
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
ExtTextOutW
SetTextColor
SetBkColor
SelectObject
GetStockObject
PtVisible
RectVisible
TextOutW
Escape
CopyMetaFileW
SetGraphicsMode
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW
GetJobW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegNotifyChangeKeyValue
RegCreateKeyA
RegQueryValueW
RegOpenKeyA
RegCreateKeyW
RegEnumValueW
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExA

shell32

DragFinish
ExtractIconW
SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

comdlg32

GetFileTitleW

ole32

StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
CoTreatAsClass
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitializeEx
ReadFmtUserTypeStg

oleaut32

SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDateFromStr
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VarDecFromStr
VarBstrFromDate
VariantInit
SafeArrayGetElemsize

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cff4e28d7b9c17f95d68d3ffb69310c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07Certificate

Extended Key Usages

Key Usages

dc:83:4d:40:8f:7e:38:e1:bc:35:bc:37:5b:2e:83:0a:7c:48:c6:e7Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleacc

comdlg32

ole32

oleaut32

Sections

.text Size: 587KB - Virtual size: 587KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 13KB - Virtual size: 31KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 35KB - Virtual size: 35KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

dc:83:4d:40:8f:7e:38:e1:bc:35:bc:37:5b:2e:83:0a:7c:48:c6:e7
Signer

.text
Size: 587KB - Virtual size: 587KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 13KB - Virtual size: 31KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 35KB - Virtual size: 35KB