NEAS[.]4e43b9cabf54003d8b20a18bdee4fd80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4e43b9cabf54003d8b20a18bdee4fd80.exe
Size

617KB
MD5

4e43b9cabf54003d8b20a18bdee4fd80
SHA1

c9d7e596702ee799d165337606984983ab06c03d
SHA256

d52a2662c65ddbc6fc019a0e89c6a40890ae6b134a7d9c04d6d2e2bd8610d9b2
SHA512

190ce9b7709a56adcd7f96c32523bf9d9a979da64f4f1d2652caea669ff16b40bc5962024b8c4865ee3d420d8ac65bf75012f7168b705ad53a4658733156f3e6
SSDEEP

12288:/kbyih0Pns3mtOA7bS/qcqIyi3k+Z46HE9WmIM2IvrcKoLc:cblhcjbSiPLqihIMf2Lc

Score

1^/10

Malware Config

Signatures

Files

NEAS.4e43b9cabf54003d8b20a18bdee4fd80.exe
.exe windows:4 windows x86

94a9f6a6d671c249111ecacb1a886103

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12/12/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:23:f7:a0:2c:19:d0:d4:13:92:2d:b1:e5:a7:dc:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

17/07/2002, 00:00

Not After

03/08/2003, 23:59

Subject

CN=Dell Computer Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Personal Systems Group,O=Dell Computer Corporation,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
WriteFile
SetFilePointer
DeviceIoControl
GetDiskFreeSpaceA
lstrcpyA
GetVersion
FindResourceA
Sleep
LockResource
LoadResource
GetTickCount
SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetLogicalDrives
GetFileSize
DeleteFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
CreateFileA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
HeapAlloc
HeapFree
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP

user32

GetParent
GetClientRect
GetDC
DrawTextA
ReleaseDC
SetWindowLongA
SetWindowPos
EnumChildWindows
GetWindowRect
MoveWindow
GetWindowTextA
GetDlgItem
EnableWindow
SetWindowTextA
ShowWindow
SetDlgItemTextA
SendMessageA
GetDlgItemTextA
EndDialog
PostMessageA
GetWindowLongA
LoadImageA
DestroyIcon
PostQuitMessage
wsprintfA
MessageBoxA
DialogBoxParamA

comctl32

ord17

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94a9f6a6d671c249111ecacb1a886103

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

65:23:f7:a0:2c:19:d0:d4:13:92:2d:b1:e5:a7:dc:58Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

comctl32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 552KB - Virtual size: 552KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

65:23:f7:a0:2c:19:d0:d4:13:92:2d:b1:e5:a7:dc:58
Certificate

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 552KB - Virtual size: 552KB