NEAS[.]ff43ff2ebcb2e5b7e58fd867ab94b560[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.ff43ff2ebcb2e5b7e58fd867ab94b560.exe
Size

758KB
MD5

ff43ff2ebcb2e5b7e58fd867ab94b560
SHA1

07085301670350c2f928edbf6e1e941220fbe70c
SHA256

8e9fa6903393ceb3fc5457cc607546262c1b8bc35c4518b73fd341f9f092d54c
SHA512

e9409279fa1094da7db6acb70e866fa0721fdf75b24c12ae75d71928defd760ce18a0f9e9ec0483d46011f6c7fa86c50ae79df2e4c80e4707cd2b9d4b62295af
SSDEEP

12288:ylL/OXBZf7y987ks7VmFzIeWBhYSMkX+JgcORE3LTc+ib+YwfKGW:8zWBZDy987ks7QFzIeWBv0Z3Ltib+XVW

Score

1^/10

Malware Config

Signatures

Files

NEAS.ff43ff2ebcb2e5b7e58fd867ab94b560.exe
.exe windows:6 windows x64

2673f5e16813304f24abed34b0067a55

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/02/2023, 00:00

Not After

08/03/2025, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:1e:eb:ea:67:1f:81:65:e6:32:de:b3:b8:29:3b:f1:e4:bf:3b:98:ea:f2:cb:1f:bd:18:0d:20:3b:68:c3:49
Signer

Actual PE Digest

41:1e:eb:ea:67:1f:81:65:e6:32:de:b3:b8:29:3b:f1:e4:bf:3b:98:ea:f2:cb:1f:bd:18:0d:20:3b:68:c3:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx
ord17

kernel32

InitializeCriticalSection
VerSetConditionMask
VerifyVersionInfoW
Sleep
CreateDirectoryW
GetVersionExW
CopyFileW
GetCurrentProcessId
CreateEventW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetFileTime
GetSystemInfo
GetExitCodeProcess
GetModuleHandleW
ExitProcess
LoadLibraryW
TerminateThread
CreateThread
MoveFileW
DeleteFileW
GetFileAttributesW
WaitForSingleObject
ReleaseMutex
CloseHandle
SetEndOfFile
CreateFileW
WriteFile
ReadFile
GetFileSize
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RemoveDirectoryW
FindResourceExW
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
GetEnvironmentVariableW
HeapFree
SizeofResource
SetEvent
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalFree
WideCharToMultiByte
GetProcAddress
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
GetActiveProcessorGroupCount
TerminateProcess
Process32FirstW
Process32NextW
FormatMessageW
GetModuleFileNameW
GetStartupInfoW
CreateProcessW
SetLastError
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
K32GetModuleBaseNameW
GetUserDefaultUILanguage
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetTickCount
MoveFileExW
FlushFileBuffers
FindNextFileW
MulDiv
LocalAlloc
LocalLock
LocalUnlock
InitializeCriticalSectionAndSpinCount
GetLogicalProcessorInformationEx
GetActiveProcessorCount
GetProcessTimes
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
GetStringTypeW
LoadLibraryExW
QueryPerformanceCounter
EncodePointer
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
OutputDebugStringW
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW

user32

SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
BeginPaint
DrawIcon
EndPaint
GetSysColor
GetDialogBaseUnits
SystemParametersInfoW
DrawTextW
LoadIconW
DestroyIcon
FillRect
IsWindow
GetClassNameW
EnableMenuItem
SetFocus
SetWindowPos
SetForegroundWindow
MoveWindow
GetParent
SetTimer
KillTimer
WinHelpW
RedrawWindow
GetAsyncKeyState
CreateDialogIndirectParamW
PeekMessageW
CloseClipboard
TranslateMessage
DispatchMessageW
WaitMessage
ShowWindow
DestroyWindow
GetWindowLongPtrW
GetSystemMenu
EnumWindows
PostQuitMessage
GetWindowThreadProcessId
GetWindow
SetClipboardData
EmptyClipboard
OpenClipboard
GetClientRect
CreateWindowExW
GetSystemMetrics
EndDialog
FindWindowW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItemTextW
CheckDlgButton
EnableWindow
GetWindowRect
SendMessageW
SetWindowLongPtrW
MessageBoxW
LoadStringW
SetWindowTextW
PostMessageW
IsWindowVisible
IsDialogMessageW
GetWindowTextW

advapi32

RegQueryValueExW
ControlService
QueryServiceStatus
RegEnumKeyExW
RegQueryInfoKeyW
DeleteService
ChangeServiceConfig2W
CreateServiceW
NotifyBootConfigStatus
ChangeServiceConfigW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
GetSidSubAuthorityCount
RegEnumKeyW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegDeleteKeyExW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
LookupAccountSidW
LookupPrivilegeValueW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

StringFromGUID2
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

SHDeleteKeyW

rpcrt4

UuidFromStringW

gdi32

CreateDCW
SetBkColor
DeleteObject
GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
SetTextColor
CreateSolidBrush
SelectObject

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2673f5e16813304f24abed34b0067a55

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

41:1e:eb:ea:67:1f:81:65:e6:32:de:b3:b8:29:3b:f1:e4:bf:3b:98:ea:f2:cb:1f:bd:18:0d:20:3b:68:c3:49Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

gdi32

Sections

.text Size: 385KB - Virtual size: 385KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 17KB - Virtual size: 46KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 226KB - Virtual size: 226KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

41:1e:eb:ea:67:1f:81:65:e6:32:de:b3:b8:29:3b:f1:e4:bf:3b:98:ea:f2:cb:1f:bd:18:0d:20:3b:68:c3:49
Signer

.text
Size: 385KB - Virtual size: 385KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 17KB - Virtual size: 46KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 226KB - Virtual size: 226KB