NEAS[.]f7471f10f0d1b908a6a5886aaa7fd8b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f7471f10f0d1b908a6a5886aaa7fd8b0.exe
Size

169KB
MD5

f7471f10f0d1b908a6a5886aaa7fd8b0
SHA1

41e3bee7c9e9ec44b3f6a8a771a6630c69f96951
SHA256

0418cad9a771e4df444b03da6c1f2b0245fbfcebff696c3212d91b1f9ea8e51b
SHA512

8a8b047d2b92f1e26f0fe3b298cd3b88a588a8f261bf83ec1409bde57e766ef4216feafacd1280c22e60fe8638cc1a7b23f82f0bafaee63350475cc7ff657ca4
SSDEEP

3072:epIp/Rcl3pWU4gM0M2Yy4KUS6XT+TkdxURy0SQJXdJGm1nkfGX2:Vcl3pk8cNKd6j+IYJtUtum

Score

1^/10

Malware Config

Signatures

Files

NEAS.f7471f10f0d1b908a6a5886aaa7fd8b0.exe
.dll regsvr32 windows:5 windows x64

f654e1c7a15b0863b21a5510b172e6b9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:c6:c0:6d:ac:2e:59:d8:43:f5:fd:2a:37:61:f3:40
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

10/09/2021, 12:15

Not After

09/09/2024, 12:15

Subject

CN=Takashi Sawanaka,O=Takashi Sawanaka,ST=Chiba,C=JP,1.2.840.113549.1.9.1=#0c1477696e6d657267656a7040676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:e4:ba:13:33:dc:0c:6f:d0:4c:b3:ef:06:a6:b4:3d:44:86:06:c7:8e:98:76:2f:5c:af:54:61:84:57:5b:1e
Signer

Actual PE Digest

66:e4:ba:13:33:dc:0c:6f:d0:4c:b3:ef:06:a6:b4:3d:44:86:06:c7:8e:98:76:2f:5c:af:54:61:84:57:5b:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
GetModuleHandleW
FindResourceW
FindResourceExW
EncodePointer
FreeLibrary
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
RaiseException
LocalFree
lstrcpyW
lstrcatW
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
MultiByteToWideChar
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
GetStringTypeW
GetACP

user32

GetWindow
GetWindowTextW
SetWindowTextW
SetDlgItemTextW
CharNextW
SetWindowLongPtrW
GetWindowLongPtrW
GetDlgItemTextW
wsprintfW
EndDialog
DialogBoxParamW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
SysAllocStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f654e1c7a15b0863b21a5510b172e6b9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

7c:c6:c0:6d:ac:2e:59:d8:43:f5:fd:2a:37:61:f3:40Certificate

Extended Key Usages

Key Usages

66:e4:ba:13:33:dc:0c:6f:d0:4c:b3:ef:06:a6:b4:3d:44:86:06:c7:8e:98:76:2f:5c:af:54:61:84:57:5b:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

7c:c6:c0:6d:ac:2e:59:d8:43:f5:fd:2a:37:61:f3:40
Certificate

66:e4:ba:13:33:dc:0c:6f:d0:4c:b3:ef:06:a6:b4:3d:44:86:06:c7:8e:98:76:2f:5c:af:54:61:84:57:5b:1e
Signer

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB