NEAS[.]9f031845e4209c746a66d0997c7a9260[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9f031845e4209c746a66d0997c7a9260.exe
Size

224KB
MD5

9f031845e4209c746a66d0997c7a9260
SHA1

05d6c739ddabff49202b71694834249e55bab30a
SHA256

12a2115862da7830d908ad934fdda2f7ea4777505b1e7840dfc8301b0e3f3dfe
SHA512

989add8165600293764be767753e1be038bfd09b7e203412f9ad9d0d367c1469f46aea1991d215e62fd09911ae6e91f3a715de876c91330367a7101d3cb0912b
SSDEEP

3072:wHB81GRyNkFl/AvivdztqWcP4FtjPJPhhDfrT0CfkhlkgGz91LleaJA+TT4EFAp3:wLISzFtjPJPfrmhyASRFA7dlDOtuf6m

Score

1^/10

Malware Config

Signatures

Files

NEAS.9f031845e4209c746a66d0997c7a9260.exe
.dll windows:5 windows x86

5e1449c20f7a4ae08d6fa06a30c3f269

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:b1:5d:c4:08:52:0f:fb:26:7e:7c:10:9d:7d:29:04
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/05/2012, 00:00

Not After

04/08/2013, 23:59

Subject

CN=Taxcom,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Taxcom,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:79:b1:bd:ec:f1:09:6e:a4:bf:1b:24:b6:dd:db:9f:1c:7d:62:d1
Signer

Actual PE Digest

f3:79:b1:bd:ec:f1:09:6e:a4:bf:1b:24:b6:dd:db:9f:1c:7d:62:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

arczip_vc90

?ExtractTo@CZipUnzip@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0PBD@Z
??0CZipUnzip@@QAE@XZ
?Open@CZipUnzip@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
??1CZipUnzip@@UAE@XZ
?Close@CZipUnzip@@QAEXH@Z
?ExtractTo@CZipUnzip@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVCBinData@@@Z
?GetFNameList@CZipUnzip@@QAEHAAVCStringArray@@@Z

mfc90

ord663
ord1555
ord5835
ord5753
ord2691
ord5520
ord404
ord311
ord2698
ord6680
ord5963
ord4431
ord6707
ord783
ord582
ord3491
ord571
ord4029
ord793
ord589
ord3659
ord4667
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord2447
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord4197
ord6462
ord6154
ord5923
ord1137
ord1387
ord2372
ord6793
ord1607
ord702
ord6797
ord452
ord6681
ord942
ord664
ord3390
ord2209
ord405
ord665
ord2490
ord406
ord780
ord1568
ord3186
ord3401
ord5776
ord5528
ord579
ord3901
ord6279
ord6277
ord1117
ord761
ord557
ord1565
ord4521
ord6468
ord1509
ord1014
ord2323
ord6728
ord2086
ord5933
ord5321
ord5328
ord2185
ord1495
ord6466
ord5588
ord3172
ord3174
ord5526
ord1249
ord5979
ord5983
ord5991
ord4440
ord2084
ord2442
ord5925
ord635
ord3000
ord366
ord4506
ord6559
ord262
ord259
ord1709
ord2566
ord6584
ord6802
ord5761
ord2547
ord6791
ord265
ord266
ord5750
ord1247
ord3579
ord3447
ord2672
ord5997
ord6148
ord941
ord6676
ord6682
ord945
ord300
ord3213
ord305
ord6613
ord1611
ord4392
ord2082
ord899
ord6120
ord3647
ord580
ord781
ord6153
ord1252
ord6494
ord1603
ord4477
ord3178
ord2480
ord4507
ord817
ord4311
ord2481
ord2327
ord1254
ord1258
ord798
ord316
ord2539
ord820
ord321
ord5924
ord3987
ord1087
ord4993
ord910
ord6257
ord1183
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5636
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord322
ord1075
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord3506
ord374
ord310
ord601
ord639
ord800
ord1330
ord605
ord1278
ord1243
ord1241
ord1268
ord1180
ord1233
ord391
ord1152
ord1277
ord1275
ord1145
ord801

msvcr90

?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
atoi
memcpy_s
memset
__CxxFrameHandler3
memmove_s
_time64
strncmp
memcpy
free
malloc
realloc
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
strftime
_localtime64_s
_purecall
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mktime64
atol
strtok
isdigit
sscanf
_mbsrchr

kernel32

UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingA
GetLastError
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
DeleteFileA
LocalFree
FormatMessageA
CopyFileA
GlobalFree
GetFileAttributesA
SetFileAttributesA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
MoveFileA

user32

LoadIconA
MessageBoxA
KillTimer
SendMessageA
IsWindowVisible
EnableWindow
InvalidateRect
DestroyCaret

shell32

ShellExecuteA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

RFP_FreePlugin
RFP_GetDefaultPosition
RFP_GetPlugin
RFP_GetPluginInfo

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e1449c20f7a4ae08d6fa06a30c3f269

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

51:b1:5d:c4:08:52:0f:fb:26:7e:7c:10:9d:7d:29:04Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f3:79:b1:bd:ec:f1:09:6e:a4:bf:1b:24:b6:dd:db:9f:1c:7d:62:d1Signer

Headers

File Characteristics

Imports

arczip_vc90

mfc90

msvcr90

kernel32

user32

shell32

oleaut32

msvcp90

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 23KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

51:b1:5d:c4:08:52:0f:fb:26:7e:7c:10:9d:7d:29:04
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f3:79:b1:bd:ec:f1:09:6e:a4:bf:1b:24:b6:dd:db:9f:1c:7d:62:d1
Signer

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 23KB - Virtual size: 22KB