NEAS[.]d4d141ea0704cc04fadada66ddfed750[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d4d141ea0704cc04fadada66ddfed750.exe
Size

762KB
MD5

d4d141ea0704cc04fadada66ddfed750
SHA1

2225e3e162afe97c2ebf6a0913c65449633c82dd
SHA256

b0b5b720919001a5da434e0c95f49ae165ed7b850498883f6a7d44c2f183fec0
SHA512

2cada0a81ef3e9b2940c410765f4a85688cfa4abf6de982116ad120ffc76fbb20390b7472b961a1cb2207ce4191ae8973b3185def260576dfa968bbc80ef11dc
SSDEEP

12288:XTbrv/fSvjx+pckifiTcnUlEs471tsVSaEVg3V0H9:zSUj4ZtsfEa3V0d

Score

1^/10

Malware Config

Signatures

Files

NEAS.d4d141ea0704cc04fadada66ddfed750.exe
.exe windows:4 windows x86

de5360833ff503a921b5a68051e3dc80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:df:be:f6:6b:8d:37:d3:ea:15:5c:eb:d9:6b:ca:41
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-10-2012 00:00

Not After

14-10-2013 23:59

Subject

CN=O and O Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=O and O Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:3e:9a:ae:ea:9a:ad:01:bc:71:3a:b8:01:75:1c:03:9a:ce:91:bd
Signer

Actual PE Digest

fd:3e:9a:ae:ea:9a:ad:01:bc:71:3a:b8:01:75:1c:03:9a:ce:91:bd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable

advapi32

RegDeleteKeyW
RegOpenKeyW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyW

msi

ord70
ord45

kernel32

GlobalUnlock
LocalFree
GlobalFree
GlobalAddAtomW
FreeResource
LocalAlloc
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
WritePrivateProfileStringW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
lstrlenA
GetThreadLocale
MoveFileW
LoadLibraryW
UnlockFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
SetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
MulDiv
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetTimeZoneInformation
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetStdHandle
GetCurrentThreadId
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
WriteConsoleW
ReadFile
DeleteCriticalSection
WriteFile
FlushFileBuffers
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
GetModuleHandleA
GetCurrentProcessId
SetEndOfFile
SetFilePointer
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
CreateEventW
FormatMessageW
GetCurrentProcess
IsWow64Process
CreateThread
GetTickCount
TerminateProcess
Sleep
CreateProcessW
CloseHandle
GetExitCodeProcess
GetTempPathW
FindClose
FindFirstFileW
SetLastError
GetLastError
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
CreateMutexW
CreateDirectoryW
GetModuleFileNameW
GetSystemDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
DeleteFileW
GetCommandLineW
lstrcpyW
WinExec
lstrcatW
GetWindowsDirectoryW
LockFile

user32

SetCapture
WindowFromPoint
LoadCursorW
ReleaseCapture
GetSysColorBrush
CharUpperW
UnregisterClassW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
SetCursor
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
CheckMenuItem
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
InflateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CreateWindowExW
ReleaseDC
GetDC
CopyRect
IsWindow
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
GetSysColor
DrawStateW
FillRect
LoadBitmapW
LoadImageW
GetWindowRect
SetTimer
LoadIconW
SetWindowPos
EnableMenuItem
GetSystemMenu
DrawIcon
SendMessageW
GetClientRect
InvalidateRect
GetSystemMetrics
KillTimer
IsIconic
EnableWindow
PostMessageW
MessageBoxW
UnregisterClassA
MessageBeep
CopyIcon

gdi32

TextOutW
RectVisible
ExtTextOutW
Escape
GetBitmapDimensionEx
GetTextColor
CreateSolidBrush
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreatePen
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
DeleteObject
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

ShellExecuteW
ShellExecuteExW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

ole32

CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

ntdll

LdrGetProcedureAddress
LdrLoadDll
RtlInitString
LdrUnloadDll
RtlInitUnicodeString

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de5360833ff503a921b5a68051e3dc80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:df:be:f6:6b:8d:37:d3:ea:15:5c:eb:d9:6b:ca:41Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fd:3e:9a:ae:ea:9a:ad:01:bc:71:3a:b8:01:75:1c:03:9a:ce:91:bdSigner

Headers

File Characteristics

Imports

version

urlmon

wininet

advapi32

msi

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

ole32

oleaut32

ntdll

iphlpapi

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 312KB - Virtual size: 311KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:df:be:f6:6b:8d:37:d3:ea:15:5c:eb:d9:6b:ca:41
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fd:3e:9a:ae:ea:9a:ad:01:bc:71:3a:b8:01:75:1c:03:9a:ce:91:bd
Signer

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 312KB - Virtual size: 311KB