NEAS[.]8c556d6d8318b6bd86fc9d0ed3593430[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8c556d6d8318b6bd86fc9d0ed3593430.exe
Size

408KB
MD5

8c556d6d8318b6bd86fc9d0ed3593430
SHA1

4d4037761720219b5321fc859d0573c530a305fe
SHA256

b016ba356f861ba8b2997809928e4bd6e1e914e58a5c6aa9858d41d671fbc747
SHA512

82e6b804deb8056e05ee97aca66500582e79783954b04c6edbb4368a7e2981d38ead000b79bce47560afc22b2b57f2df76957c894c061e94edca6ab519684094
SSDEEP

6144:46jl4gOMTiq3vLrNEpS2rwEBfOSsJIVw598UY9uQr0O0+:P7T/vL6pS28em7JIeqf0+

Score

1^/10

Malware Config

Signatures

Files

NEAS.8c556d6d8318b6bd86fc9d0ed3593430.exe
.exe windows:5 windows x86

329844e0852f60c218f358f993444368

Code Sign

19:3d:a6:5b:9e:3b:99:2a:6e:df:c3:54:88:1d:65:dd
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/02/2015, 00:00

Not After

17/02/2016, 23:59

Subject

CN=Sheshadrivasu Chandrasekharan,O=Sheshadrivasu Chandrasekharan,POSTALCODE=08831,STREET=15 Maxwell Road,L=Monroe,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:51:90:af:bd:71:b5:0f:08:4f:91:cb:38:46:d5:d8:06:88:00:0f
Signer

Actual PE Digest

95:51:90:af:bd:71:b5:0f:08:4f:91:cb:38:46:d5:d8:06:88:00:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

brh_util

ord11
ord10
ord13

iphlpapi

GetAdaptersAddresses

kernel32

GetOEMCP
GetCPInfo
FlushFileBuffers
GetFileSize
GetFullPathNameA
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetVolumeInformationA
SetErrorMode
ExitProcess
GetModuleHandleExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetLocalTime
GetCommandLineA
RtlUnwind
GetSystemDefaultUILanguage
RaiseException
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetStdHandle
Sleep
GetStringTypeW
GetConsoleMode
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetConsoleCP
SetFilePointerEx
LCMapStringW
OutputDebugStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
DeleteFileA
FileTimeToSystemTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
LoadLibraryW
lstrcmpW
GetModuleFileNameW
GetSystemDirectoryW
GetVersion
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
OutputDebugStringA
GetFileAttributesW
GetCurrentProcessId
CompareStringA
GlobalDeleteAtom
LoadLibraryExW
GetModuleFileNameA
GetCurrentThreadId
GetCurrentThread
InterlockedExchange
SetLastError
MulDiv
GlobalFree
GetPrivateProfileIntA
GetModuleHandleW
GetModuleHandleA
GetACP
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
lstrcpyA
GetProcAddress
FreeLibrary
GetComputerNameA
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpA
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
CreateFileA
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
lstrcmpiA
CreateDirectoryA
lstrcatA
FindClose
FindFirstFileA
GetVersionExA
CloseHandle
WaitForSingleObject
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceA
lstrlenA
LocalFree
GetLastError
FormatMessageA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GlobalFlags
GetUserDefaultUILanguage

user32

CharUpperA
DestroyMenu
UnregisterClassA
KillTimer
SetTimer
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
GetSystemMetrics
SetCursor
GetCursorPos
TranslateMessage
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SetWindowTextA
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconW
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
SetWindowPos
DestroyWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongA
IsWindowEnabled
PostQuitMessage
PostMessageA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
SendDlgItemMessageA
UpdateWindow
InvalidateRect
IsWindow
MessageBoxA
wsprintfA
GetMessageA
PeekMessageA
SendMessageA
GetDesktopWindow
EnableWindow
ReleaseDC
GetDC
GetSysColor

gdi32

TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetBkMode
DeleteObject
CreateSolidBrush
GetDeviceCaps
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteDC
CreateBitmap
GetObjectA
SetTextColor
SetBkColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFindExtensionA

ole32

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
VariantChangeType
VariantInit
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

329844e0852f60c218f358f993444368

Code Sign

19:3d:a6:5b:9e:3b:99:2a:6e:df:c3:54:88:1d:65:ddCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

95:51:90:af:bd:71:b5:0f:08:4f:91:cb:38:46:d5:d8:06:88:00:0fSigner

Headers

DLL Characteristics

File Characteristics

Imports

brh_util

iphlpapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oleacc

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 10KB - Virtual size: 26KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 88KB - Virtual size: 87KB

19:3d:a6:5b:9e:3b:99:2a:6e:df:c3:54:88:1d:65:dd
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

95:51:90:af:bd:71:b5:0f:08:4f:91:cb:38:46:d5:d8:06:88:00:0f
Signer

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 88KB - Virtual size: 87KB