Static task
static1
Behavioral task
behavioral1
Sample
NEAS.74edbf9c34399a02bdfcc2a96e33efb0.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.74edbf9c34399a02bdfcc2a96e33efb0.dll
Resource
win10v2004-20231023-en
General
Target: NEAS.74edbf9c34399a02bdfcc2a96e33efb0.exe
Size: 1.8MB
MD5: 74edbf9c34399a02bdfcc2a96e33efb0
SHA1: cbeca1fcb833d4d855b1465b3116ef015978e77b
SHA256: d0ffc64d61eb71d11910a2866c617600db8c06c7faaf6d6e35233f1214e6f06e
SHA512: 651ae27159fda9a85aa94ac131a5f7637b672ce53b4fcce383626316a369f75e7929a87a07b65a94156fbbd9435891bf686e4296932fb58d45f3babfc789e265
SSDEEP: 49152:B9kW8MrrB7ffKcWlTmkfLZyMxjnFB8cLOr1cQ1:TAMrtArZLFnFiXr1cQ1
Malware Config
Signatures
Files
-
NEAS.74edbf9c34399a02bdfcc2a96e33efb0.exe.dll windows:5 windows x86
ff986350d03ee6ea93bbaaf2a89af27f
Code Sign
Certificate
  Serial: c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 10/01/1997, 07:00
  Not After: 31/12/2020, 07:00
  Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Certificate
  Serial: c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 10/01/1997, 07:00
  Not After: 31/12/2020, 07:00
  Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Certificate
  Serial: 2e:ab:11:dc:50:ff:5c:9d:cb:c0
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 22/08/2007, 22:31
  Not After: 25/08/2012, 07:00
  Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate
  Serial: 61:0f:78:4d:00:00:00:00:00:03
  Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 23/08/2007, 00:23
  Not After: 23/02/2009, 00:33
  Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate
  Serial: 61:47:52:ba:00:00:00:00:00:04
  Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 16/09/2006, 01:53
  Not After: 16/09/2011, 02:03
  Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate
  Serial: 61:49:7c:ed:00:00:00:00:00:05
  Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 16/09/2006, 01:55
  Not After: 16/09/2011, 02:05
  Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate
  Serial: 6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 16/09/2006, 01:04
  Not After: 15/09/2019, 07:00
  Subject: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer
  Digest: 0f:1a:8b:58:bf:e4:db:5d:ca:b2:17:7f:0a:28:9d:66:0d:44:80:47
  Actual PE Digest: 0f:1a:8b:58:bf:e4:db:5d:ca:b2:17:7f:0a:28:9d:66:0d:44:80:47
  Digest Algorithm: sha1
  PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
esent
JetSeek
winspool.drv
DeviceCapabilitiesA
gdi32
SetMapperFlags
GetWindowExtEx
GetCurrentPositionEx
SetBitmapDimensionEx
SelectPalette
CombineRgn
GetLogColorSpaceA
winmm
midiStreamPosition
wininet
InternetCrackUrlA
kernel32
EnterCriticalSection
InterlockedPushEntrySList
WaitForSingleObject
GlobalDeleteAtom
VerLanguageNameA
GetExitCodeProcess
WaitForSingleObjectEx
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetModuleFileNameA
GetBinaryTypeA
LocalFlags
PostQueuedCompletionStatus
SetCommMask
GetCurrentProcess
GetThreadPriority
GetQueuedCompletionStatus
LocalFileTimeToFileTime
UnregisterWaitEx
GlobalMemoryStatusEx
LocalLock
SwitchToThread
EnumResourceTypesA
shlwapi
StrRChrA
shell32
SHGetUnreadMailCountW
secur32
QuerySecurityContextToken
rpcrt4
I_RpcServerCheckClientRestriction
I_RpcServerSetAddressChangeFn
I_RpcNsInterfaceUnexported
NdrOleAllocate
user32
GetQueueStatus
GetClipCursor
ToUnicodeEx
MonitorFromPoint
ScreenToClient
CreateIconFromResourceEx
WindowFromPoint
GetUpdateRgn
GrayStringA
IsWinEventHookInstalled
TrackPopupMenuEx
CreateWindowExA
RealGetWindowClassW
UpdateWindow
PostQuitMessage
advapi32
RegOpenCurrentUser
QueryServiceStatus
wintrust
CryptCATEnumerateMember
CryptCATGetAttrInfo
oleaut32
SysAllocStringByteLen
GetErrorInfo
msvcrt
memset
putc
fgets
iswprint
ole32
ReadFmtUserTypeStg
OleQueryCreateFromData
HPALETTE_UserSize
CoMarshalInterface
HMENU_UserSize
iphlpapi
Icmp6ParseReplies
DeleteIpForwardEntry
ws2_32
select
setupapi
CM_Reenumerate_DevNode_Ex
SetupDiEnumDeviceInfo
CM_Get_Device_Interface_ListW
ntdsapi
DsQuoteRdnValueW
Exports
TaretxopnnevnNtitx
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 480KB - Virtual size: 478KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2*s+PkG Size: 968KB - Virtual size: 964KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt0 Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dkx Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7Hoy Size: 124KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ