NEAS[.]8f8467f820d9abcc883b36507b3be7e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8f8467f820d9abcc883b36507b3be7e0.exe
Size

404KB
MD5

8f8467f820d9abcc883b36507b3be7e0
SHA1

8d63abb74c4d6f925741dc8ce92fd5fcdf71fda4
SHA256

b5c5387a95e8b9373b1d9564e09df0bdd21f2976e0b44c1580e637b958ea4405
SHA512

ab7d6b01554a5a18c55013067bcf2758f0a39213969d694ff4237db298aec8abdc414d0dcdfbba3c772d1989120ea3c75e03f1e86771b03f6d800d4948e2bda2
SSDEEP

12288:WbohssnoY5uVevUl4uDvcWrJmbIXWtZ4nmZwjPyStqO4FlSlWH:zssnoY5uOpiEqwb0BjPBp4zMWH

Score

1^/10

Malware Config

Signatures

Files

NEAS.8f8467f820d9abcc883b36507b3be7e0.exe
.exe windows:5 windows x86

7cbc03492d7109669a4ed8e95ace803d

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c
Certificate

Issuer

CN=TC TrustCenter Class 2-II L1 CA IV,OU=TC TrustCenter Class 2-II L1 CA,O=TC TrustCenter GmbH,C=DE

Not Before

17/06/2009, 15:22

Not After

31/12/2025, 19:59

Subject

CN=TC TrustCenter Authenticode Timestamp II,OU=Timestamp,O=TC TrustCenter,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:12:e1:0c:a5:a1:fc:01:a3:47:e1:42:7d:fb:9d:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/03/2013, 00:00

Not After

26/04/2014, 23:59

Subject

CN=HuoRongBoRui (Beijing) Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HuoRongBoRui (Beijing) Technology Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:0d:24:e5:73:b3:5d:86:52:c4:ef:23:5d:6a:9c:a9:da:41:f0:9b
Signer

Actual PE Digest

8a:0d:24:e5:73:b3:5d:86:52:c4:ef:23:5d:6a:9c:a9:da:41:f0:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
MultiByteToWideChar
lstrlenA
RaiseException
lstrcpynW
GetVersionExW
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindResourceExW
FindResourceW
LoadResource
LockResource
WideCharToMultiByte
lstrlenW
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
FileTimeToLocalFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
SetErrorMode
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FindClose
FindFirstFileW
FindNextFileW
SetLastError
GetWindowsDirectoryW
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
GetSystemTimeAsFileTime
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
ExitProcess
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringW
LCMapStringA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
OpenMutexW
LocalAlloc
SetEvent
CreateEventW
GetModuleHandleA
LocalFree
InterlockedExchange
GetTickCount
WaitForSingleObject
Sleep
CreateThread
CloseHandle
CreateMutexW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SizeofResource
EnterCriticalSection
GetModuleFileNameW
HeapFree
InterlockedCompareExchange

user32

GetActiveWindow
PtInRect
SetWindowPos
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
OffsetRect
CopyRect
ScreenToClient
SetWindowRgn
IsIconic
PostQuitMessage
MessageBoxW
GetSysColor
IsWindowVisible
SetTimer
IsWindow
InvalidateRect
IntersectRect
SetFocus
ShowWindow
BringWindowToTop
LoadCursorW
SendMessageW
PostMessageW
CallWindowProcW
DefWindowProcW
CreateWindowExW
MapWindowPoints
GetClientRect
GetParent
GetWindow
RegisterClassExW
GetClassInfoExW
GetWindowLongW
SetWindowLongW
MoveWindow
UnregisterClassA
PeekMessageW
DestroyWindow
SetForegroundWindow
IsZoomed
FindWindowW
CharNextW
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow

gdi32

DeleteObject
CreateRoundRectRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegEnumValueA
RegOpenKeyExA
SetSecurityDescriptorDacl
RegEnumKeyExA
InitializeSecurityDescriptor
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFileInfoW

ole32

CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

duilib

?SelectItem@CTabLayoutUI@DuiLib@@QAE_NH@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCStdString@2@XZ
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
??0CControlUI@DuiLib@@QAE@XZ
??1CControlUI@DuiLib@@UAE@XZ
?SetName@CControlUI@DuiLib@@UAEXPB_W@Z
?GetClass@CControlUI@DuiLib@@UBEPB_WXZ
?GetInterface@CControlUI@DuiLib@@UAEPAXPB_W@Z
?GetControlFlags@CControlUI@DuiLib@@UBEIXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?GetManager@CControlUI@DuiLib@@UBEPAVCPaintManagerUI@2@XZ
?SetManager@CControlUI@DuiLib@@UAEXPAVCPaintManagerUI@2@PAV12@_N@Z
?GetParent@CControlUI@DuiLib@@UBEPAV12@XZ
?SetText@CControlUI@DuiLib@@UAEXPB_W@Z
?SetPos@CControlUI@DuiLib@@UAEXUtagRECT@@@Z
?GetWidth@CControlUI@DuiLib@@UBEHXZ
?GetHeight@CControlUI@DuiLib@@UBEHXZ
?GetX@CControlUI@DuiLib@@UBEHXZ
?GetY@CControlUI@DuiLib@@UBEHXZ
?GetPadding@CControlUI@DuiLib@@UBE?AUtagRECT@@XZ
?SetPadding@CControlUI@DuiLib@@UAEXUtagRECT@@@Z
?GetFixedXY@CControlUI@DuiLib@@UBE?AUtagSIZE@@XZ
?SetFixedXY@CControlUI@DuiLib@@UAEXUtagSIZE@@@Z
?GetFixedWidth@CControlUI@DuiLib@@UBEHXZ
?SetFixedWidth@CControlUI@DuiLib@@UAEXH@Z
?GetFixedHeight@CControlUI@DuiLib@@UBEHXZ
?SetFixedHeight@CControlUI@DuiLib@@UAEXH@Z
?GetMinWidth@CControlUI@DuiLib@@UBEHXZ
?SetMinWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMaxWidth@CControlUI@DuiLib@@UBEHXZ
?SetMaxWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMinHeight@CControlUI@DuiLib@@UBEHXZ
?SetMinHeight@CControlUI@DuiLib@@UAEXH@Z
?GetMaxHeight@CControlUI@DuiLib@@UBEHXZ
?SetMaxHeight@CControlUI@DuiLib@@UAEXH@Z
?SetRelativePos@CControlUI@DuiLib@@UAEXUtagSIZE@@0@Z
?SetRelativeParentSize@CControlUI@DuiLib@@UAEXUtagSIZE@@@Z
?GetRelativePos@CControlUI@DuiLib@@UBE?AUtagTRelativePosUI@2@XZ
?IsRelativePos@CControlUI@DuiLib@@UBE_NXZ
?GetToolTip@CControlUI@DuiLib@@UBE?AVCStdString@2@XZ
?SetToolTip@CControlUI@DuiLib@@UAEXPB_W@Z
?SetShortcut@CControlUI@DuiLib@@UAEX_W@Z
?IsContextMenuUsed@CControlUI@DuiLib@@UBE_NXZ
?SetContextMenuUsed@CControlUI@DuiLib@@UAEX_N@Z
?GetUserData@CControlUI@DuiLib@@UAEABVCStdString@2@XZ
?SetUserData@CControlUI@DuiLib@@UAEXPB_W@Z
?GetTag@CControlUI@DuiLib@@UBEIXZ
?SetTag@CControlUI@DuiLib@@UAEXI@Z
?SetVisible@CControlUI@DuiLib@@UAEX_N@Z
?SetInternVisible@CControlUI@DuiLib@@UAEX_N@Z
?IsVisible@CControlUI@DuiLib@@UBE_NXZ
?IsEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetEnabled@CControlUI@DuiLib@@UAEX_N@Z
?IsMouseEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetMouseEnabled@CControlUI@DuiLib@@UAEX_N@Z
?IsFocused@CControlUI@DuiLib@@UBE_NXZ
?SetFocus@CControlUI@DuiLib@@UAEXXZ
?IsFloat@CControlUI@DuiLib@@UBE_NXZ
?SetFloat@CControlUI@DuiLib@@UAEX_N@Z
?FindControl@CControlUI@DuiLib@@UAEPAV12@P6GPAV12@PAV12@PAX@Z1I@Z
?Init@CControlUI@DuiLib@@UAEXXZ
?DoInit@CControlUI@DuiLib@@UAEXXZ
?Event@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoEvent@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?SetAttribute@CControlUI@DuiLib@@UAEXPB_W0@Z
?EstimateSize@CControlUI@DuiLib@@UAE?AUtagSIZE@@U3@@Z
?PaintBkColor@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBkImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintStatusImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintText@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBorder@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?DoPostPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?GetPos@CControlUI@DuiLib@@UBEABUtagRECT@@XZ
?GetText@CControlUI@DuiLib@@UBE?AVCStdString@2@XZ
?GetName@CControlUI@DuiLib@@UBE?AVCStdString@2@XZ
?PreMessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?GetRoot@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@XZ
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??BCStdString@DuiLib@@QBEPB_WXZ
??1CStdString@DuiLib@@QAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
?GetShortcut@CControlUI@DuiLib@@UBE_WXZ
?ReapObjects@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?GetRoundCorner@CPaintManagerUI@DuiLib@@QBE?AUtagSIZE@@XZ
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
??1CDialogBuilder@DuiLib@@QAE@XZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?GetSpecifyTemplateString@CListUI@DuiLib@@QAE?AVCStdString@2@XZ
?IsSelected@COptionUI@DuiLib@@QBE_NXZ
?Selected@COptionUI@DuiLib@@QAEX_N@Z
?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ

hipsdb

?CreateDBObject@@YAPAVIDBBase@@W4HRDB_TYPE@1@@Z

comctl32

InitCommonControlsEx

jansson

json_unpack
json_deep_copy
json_equal
json_object_get
json_array_get
json_delete
json_pack
json_object_del
json_object_iter_key
json_object_set_new
json_array_remove
json_string_value
json_load_file
json_dump_file
json_dumps
json_array_insert_new
json_array_size
json_array
json_integer_set
json_integer_value
json_object_update
json_integer
json_object
json_object_iter_value
json_object_key_to_iter
json_object_iter_next
json_object_iter

hrcomm

CreateLPCClient

usysdiag

vif_sysutils_get

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cbc03492d7109669a4ed8e95ace803d

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2cCertificate

Extended Key Usages

Key Usages

5d:12:e1:0c:a5:a1:fc:01:a3:47:e1:42:7d:fb:9d:86Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8a:0d:24:e5:73:b3:5d:86:52:c4:ef:23:5d:6a:9c:a9:da:41:f0:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

duilib

hipsdb

comctl32

jansson

hrcomm

usysdiag

Sections

.text Size: 273KB - Virtual size: 272KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 15KB - Virtual size: 27KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 26KB - Virtual size: 29KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c
Certificate

5d:12:e1:0c:a5:a1:fc:01:a3:47:e1:42:7d:fb:9d:86
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8a:0d:24:e5:73:b3:5d:86:52:c4:ef:23:5d:6a:9c:a9:da:41:f0:9b
Signer

.text
Size: 273KB - Virtual size: 272KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 15KB - Virtual size: 27KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 26KB - Virtual size: 29KB