NEAS[.]9e508648e3946afbb199f20b3c9fdbd0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9e508648e3946afbb199f20b3c9fdbd0.exe
Size

72KB
MD5

9e508648e3946afbb199f20b3c9fdbd0
SHA1

1240c0cd679557119459cd7b6f830011bae23e49
SHA256

078400e788e06e5d816529697991b95833766bfdde774301cd70c17e34afe66f
SHA512

79de7086024b0a21015019c078ecf5f6dd9cd8040d904eec9d56a134f8f81cb96b1f0e0d0495abf0d9cd8e263e75166c822eab4a7718167bb09fd5921b68fddd
SSDEEP

1536:Luj4jOrQQdExVmq6Vi/jSC3dQ5sd7LICS4AOIOJxxKfg57Szg:LmlZJbimC3ddsevxKfOSU

Score

1^/10

Malware Config

Signatures

Files

NEAS.9e508648e3946afbb199f20b3c9fdbd0.exe
.exe windows:4 windows x86

3d31813086f9530e717131a2a77850da

Code Sign

01:00:21
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

12/07/2002, 16:31

Not After

12/07/2012, 16:31

Subject

CN=Certum Level I,O=Unizeto Sp. z o.o.,C=PL

01:00:20
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

11/06/2002, 10:46

Not After

11/06/2027, 10:46

Subject

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

02:2f:0d
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

28/08/2002, 17:05

Not After

28/08/2012, 17:05

Subject

CN=Certum Time-Stamping Authority,O=Unizeto Sp. z o.o.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

03:37:17
Certificate

Issuer

CN=Certum Level I,O=Unizeto Sp. z o.o.,C=PL

Not Before

30/05/2006, 05:34

Not After

28/08/2006, 05:34

Subject

CN=Axantum Software AB,O=Private Certificate,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

19:30:56:db:6e:c7:d8:4c:01:fa:24:bd:6b:b6:c0:62:93:f4:94:be
Signer

Actual PE Digest

19:30:56:db:6e:c7:d8:4c:01:fa:24:bd:6b:b6:c0:62:93:f4:94:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathAppendA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord17

kernel32

ReleaseSemaphore
GetFileAttributesA
GetFullPathNameA
SetLastError
MultiByteToWideChar
AreFileApisANSI
GetLastError
lstrlenA
lstrcpynA
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
lstrcpyA
CreateThread
WaitForSingleObject
SetFileTime
TlsAlloc
InterlockedIncrement
TlsFree
InterlockedDecrement
GetCurrentThreadId
TlsGetValue
CloseHandle
GetThreadPriority
GetCurrentThread
SetThreadPriority
ResumeThread
ExitProcess
HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GlobalLock
GlobalUnlock
WideCharToMultiByte
FormatMessageA
ConvertThreadToFiber
TlsSetValue
CreateFiber
SwitchToFiber
DeleteFiber
CreateFileA
SetFilePointer
ReadFile
SetEndOfFile
WriteFile
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreA
LeaveCriticalSection
OutputDebugStringA
CreateEventA
SetEvent
EnterCriticalSection

user32

EndDialog
SendMessageA
GetWindowLongA
SetWindowLongA
CheckDlgButton
PostQuitMessage
DestroyWindow
EnableWindow
SetFocus
DialogBoxParamA
CreateDialogParamA
UpdateWindow
LoadAcceleratorsA
GetMessageA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetKeyState
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
MessageBeep
CloseClipboard
CallWindowProcA
IsWindowUnicode
SendDlgItemMessageA
wvsprintfA
wsprintfA
MessageBoxA
PostMessageA
SetDlgItemTextA
SetWindowTextA
LoadStringA
IsDlgButtonChecked
GetDlgItemTextA
ShowWindow
GetDlgItem

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptCreateHash

shell32

SHGetFileInfoA
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d31813086f9530e717131a2a77850da

Code Sign

01:00:21Certificate

01:00:20Certificate

02:2f:0dCertificate

Extended Key Usages

03:37:17Certificate

Extended Key Usages

19:30:56:db:6e:c7:d8:4c:01:fa:24:bd:6b:b6:c0:62:93:f4:94:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

comctl32

kernel32

user32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

01:00:21
Certificate

01:00:20
Certificate

02:2f:0d
Certificate

03:37:17
Certificate

19:30:56:db:6e:c7:d8:4c:01:fa:24:bd:6b:b6:c0:62:93:f4:94:be
Signer

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB