NEAS[.]ac1380b680e914f0a0e00c646d0b5720[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ac1380b680e914f0a0e00c646d0b5720.exe
Size

71KB
MD5

ac1380b680e914f0a0e00c646d0b5720
SHA1

9a1ff5dda5166710e18f681ade199e7eded732c5
SHA256

7b0321d61554c0f9ac6e2b5288052202f52772c48f4aa01a4556c8675a614884
SHA512

10575db20530c4b641cb319283adf6e1da7e56a6db86b8f5c8715d2587e7b8775b1706c50fb376e9eea3ba1bbe46a645c2a764acccd5330df8d5df7915cb42bd
SSDEEP

1536:aimTDK2LW0qUIyYrw7tyjW/HqYM8OAom4tUSj3qmsxC:gnYrwhyjW/Hq+1rpEq7

Score

1^/10

Malware Config

Signatures

Files

NEAS.ac1380b680e914f0a0e00c646d0b5720.exe
.dll windows:5 windows x86

88e04075c84d34c2bb76f5d8a30382f4

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/12/2009, 00:00

Not After

21/12/2012, 23:59

Subject

CN=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,L=beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:83:f1:b4:97:46:cf:e7:87:ac:27:5d:06:51:aa:21:be:46:4a:22
Signer

Actual PE Digest

02:83:f1:b4:97:46:cf:e7:87:ac:27:5d:06:51:aa:21:be:46:4a:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dwutility

?SHA@encryption@DwUtility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?toNarrowString@text@DwUtility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGHI@Z
?MD5CryptA@encryption@DwUtility@@YA_NPBDIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getGlobalMid@minfo@DwUtility@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toWideString@text@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBDHI@Z

dwbase

?dropDatabase@Data@@YAXK@Z
??1CFilterAND@Data@@QAE@XZ
??BCFilterAND@Data@@QBEPBUCFilter@1@XZ
?notNull@CFilterAND@Data@@QAEAAV12@ABUNAME_ID@@@Z
??0CFilterAND@Data@@QAE@XZ
?queryDatabase@Data@@YA?AV?$comptr@UIDatabase@Data@@@@K@Z
insert_name_id
?comMgr@@YAPAUIDWComMgr@@XZ
?coCreateComInstance@@YA_NPBDPAUIUnk@@AAV?$comptr@UIUnk@@@@@Z
?createDatabase@Data@@YA?AV?$comptr@UIDatabase@Data@@@@K@Z
?DoLog@@YAXGPBD0G0PBG@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

ole32

CoCreateGuid

msvcp90

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Throw@std@@YAXABVexception@stdext@@@Z
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z

msvcr90

_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
??3@YAXPAX@Z
__CxxFrameHandler3
_snwprintf_s
_purecall
_invalid_parameter_noinfo
??2@YAPAXI@Z
memmove_s
_wtoi64
??_V@YAXPAX@Z
memset
memcpy
wcslen
strcmp
strlen
_snprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_amsg_exit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e

Exports

Exports

protocolSdk
releaseSDK

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e04075c84d34c2bb76f5d8a30382f4

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:ebCertificate

Extended Key Usages

Key Usages

02:83:f1:b4:97:46:cf:e7:87:ac:27:5d:06:51:aa:21:be:46:4a:22Signer

Headers

DLL Characteristics

File Characteristics

Imports

dwutility

dwbase

kernel32

ole32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:eb
Certificate

02:83:f1:b4:97:46:cf:e7:87:ac:27:5d:06:51:aa:21:be:46:4a:22
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB