NEAS[.]6fea1558835711365157f72cebfaf730[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6fea1558835711365157f72cebfaf730.exe
Size

218KB
MD5

6fea1558835711365157f72cebfaf730
SHA1

1bd7b93989b009573d9082a70713a31983cb034d
SHA256

89c72908e955c297b376840bbe7d414d95129a1fddca9f02f05d9b232139560d
SHA512

bab00c04a9b1b6ffed00d86133a7762a299e2d82f61cbd8ae9a994e2b046495336f760f08b0c3ed27ada6911220af57efed7b1189b33fb26c3588e790d72cc1a
SSDEEP

3072:5vm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:N1SyAJp6rjn1gOObn4b6h9h

Score

1^/10

Malware Config

Signatures

Files

NEAS.6fea1558835711365157f72cebfaf730.exe
.exe windows:4 windows x86

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

Actual PE Digest

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
GetComputerNameA
GetCalendarInfoA
TlsAlloc
CreateDirectoryW
GetMailslotInfo
GetModuleFileNameW
GetCalendarInfoW
GetPriorityClass
GetUserDefaultLCID
GlobalFindAtomA
GetProcAddress
FindAtomW
FileTimeToLocalFileTime
EnumDateFormatsW
OpenEventA
GetLocaleInfoW
lstrcmpiW
SetLocaleInfoW
GetEnvironmentVariableW
GetExitCodeProcess
MulDiv
SetUnhandledExceptionFilter
GetNamedPipeInfo
EndUpdateResourceW
SetComputerNameA
GetProcessHeap
SetPriorityClass
FreeResource
GetModuleHandleW
QueryPerformanceFrequency
GetFileAttributesW
CompareStringA
LoadLibraryA
IsDebuggerPresent
HeapCreate
CreateNamedPipeW
GetThreadPriority
OpenMutexW
ExpandEnvironmentStringsA
lstrcmpi
GetEnvironmentStringsA
FileTimeToDosDateTime
GetCommandLineA
lstrcpynW
GetDiskFreeSpaceW
lstrcmp
GetCurrentDirectoryA

user32

AnimateWindow
GetWindowRgn
GetClassInfoA
CreateDialogParamA
GetClassInfoExW
EnumChildWindows
RegisterClassA
DrawTextA
SetFocus
MessageBoxIndirectW
MonitorFromPoint
ClientToScreen
DefWindowProcA
LoadImageA
ActivateKeyboardLayout
GetTopWindow
LoadMenuIndirectA
MessageBoxA
GetDC
UnregisterClassW
mouse_event
GetMenuState
SetCursor
ShowCursor
IsDlgButtonChecked
CheckDlgButton
SetParent
keybd_event
DrawTextW
SetDlgItemInt
FrameRect
RegisterClassExW
RemoveMenu
SendMessageA
TrackPopupMenuEx
GetForegroundWindow
LoadMenuA
GetDlgItemTextW
CreateDialogIndirectParamW
SetDlgItemTextW
MessageBeep
SetActiveWindow
CharNextA
GetMenu
UpdateLayeredWindow
SetWindowLongA
CloseWindow
MessageBoxW
EndDialog
IsIconic
CreateAcceleratorTableA

gdi32

PtInRegion
SetWorldTransform
CreateEnhMetaFileW
CreateDCW
CreateMetaFileW
TranslateCharsetInfo
EnumFontsA
ScaleViewportExtEx
CreateCompatibleDC
GetDIBits
RemoveFontResourceW
SetPixel
GetEnhMetaFileDescriptionA

advapi32

RegCreateKeyExW
RegOpenKeyW
RegRestoreKeyA
RegOpenKeyA
RegSaveKeyW
RegReplaceKeyA

shlwapi

SHDeleteEmptyKeyA
PathFindNextComponentW
StrCpyW
PathStripPathA
SHCopyKeyW
PathIsURLW
SHRegQueryInfoUSKeyW
PathCreateFromUrlA

oleaut32

VarR4FromR8

winmm

mciSendStringW
mciSendStringA

winspool.drv

DeleteFormA

Sections

.sX
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RqVY
Size: 1KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lziQh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EXGwv
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 167KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 4KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 4KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

oleaut32

winmm

winspool.drv

Sections

.sX Size: 4KB - Virtual size: 4KB

.RqVY Size: 1KB - Virtual size: 255KB

.i Size: 14KB - Virtual size: 13KB

.lziQh Size: 4KB - Virtual size: 4KB

.EXGwv Size: 4KB - Virtual size: 142KB

.data Size: 167KB - Virtual size: 535KB

.I Size: 4KB - Virtual size: 279KB

.E Size: 4KB - Virtual size: 452KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 950B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

.sX
Size: 4KB - Virtual size: 4KB

.RqVY
Size: 1KB - Virtual size: 255KB

.i
Size: 14KB - Virtual size: 13KB

.lziQh
Size: 4KB - Virtual size: 4KB

.EXGwv
Size: 4KB - Virtual size: 142KB

.data
Size: 167KB - Virtual size: 535KB

.I
Size: 4KB - Virtual size: 279KB

.E
Size: 4KB - Virtual size: 452KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 950B