NEAS[.]3ba61a566c3813c17a0ea78549b7f6b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3ba61a566c3813c17a0ea78549b7f6b0.exe
Size

8.8MB
MD5

3ba61a566c3813c17a0ea78549b7f6b0
SHA1

39892f9a1844987c178627fe0087500a970a063e
SHA256

9f010a6998346f5f5f0267df38eec9b5bd1cf55789bf88a00fbfabad0257e8b9
SHA512

f1118199fc8164e0358e74411d9f0b25894948032031519ed619b664447e71fc8a3a21601237e810df37c60732af5a1afe7dce8dcb492d8b80fd1cd1c556088d
SSDEEP

196608:eS99o7IIspavulStYzjtkpWb/94Vdf49oVqf6EgXoxn2D+BwcAWH2ols6V:e18I7tYzjtkps7

Score

1^/10

Malware Config

Signatures

Files

NEAS.3ba61a566c3813c17a0ea78549b7f6b0.exe
.exe windows:5 windows x86

a8aa79d4ccaece3046592506dda1faae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

97:7f:93:4a:e7:8a:2f:4d:92:dd:11:3c:da:30:39:27:e2:49:77:a0:db:fc:23:e2:98:35:e7:36:8b:92:a0:c1
Signer

Actual PE Digest

97:7f:93:4a:e7:8a:2f:4d:92:dd:11:3c:da:30:39:27:e2:49:77:a0:db:fc:23:e2:98:35:e7:36:8b:92:a0:c1

Digest Algorithm

sha256

PE Digest Matches

false

56:6c:e9:b7:19:84:61:67:d4:a0:c0:ec:5b:58:d0:99:9c:f3:25:66
Signer

Actual PE Digest

56:6c:e9:b7:19:84:61:67:d4:a0:c0:ec:5b:58:d0:99:9c:f3:25:66

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
LocalFree
IsProcessorFeaturePresent
GetTempPathW
GetTempFileNameW
DeleteFileA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsGetValue
CreateSemaphoreW
TlsSetValue
ReleaseSemaphore
GetSystemTimeAsFileTime
GetACP
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
GetFileAttributesW
CreateDirectoryW
GetFullPathNameW
lstrcpyW
SetFileAttributesW
RemoveDirectoryW
lstrcpynW
CreateProcessW
CreateFileA
GetCurrentProcessId
TerminateProcess
ResetEvent
GetSystemDirectoryW
GetWindowsDirectoryW
MoveFileW
WaitForSingleObject
lstrcpynA
SleepEx
ReadDirectoryChangesW
GetExitCodeThread
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetStartupInfoW
LCMapStringA
LCMapStringW
CreateThread
GetCPInfo
HeapCreate
GetStdHandle
FlushFileBuffers
ExitProcess
SetUnhandledExceptionFilter
DeleteFileW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
WideCharToMultiByte
GetFileSize
GetDateFormatA
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteFile
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstFileW
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
Sleep
ExpandEnvironmentStringsW
GetFileTime
GetFileSizeEx
GetLongPathNameW
lstrcpyA
CreateFileW
LoadLibraryW
GlobalMemoryStatusEx
GlobalFree
GlobalHandle
GlobalUnlock
GlobalLock
WriteConsoleW
GetModuleHandleA
SetEndOfFile
CompareStringA
SetEnvironmentVariableA
SetThreadPriority
GlobalAlloc
SetLastError
GetCurrentThreadId
SetErrorMode
InterlockedExchange
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
FlushInstructionCache
HeapDestroy
GetCurrentProcess
MulDiv
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetSystemInfo
GetLastError
CreateMutexW
FreeLibrary
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
CloseHandle
CopyFileW
CreateEventW

user32

InflateRect
GetWindowDC
SetScrollInfo
SetScrollRange
SetScrollPos
DrawTextW
EqualRect
IsWindowVisible
SetCursor
MessageBoxA
IntersectRect
UnionRect
PeekMessageW
ShowCursor
GetForegroundWindow
SetWindowPlacement
OffsetRect
GetWindowPlacement
GetMenuStringW
AppendMenuW
RemoveMenu
EnableMenuItem
CheckMenuItem
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
CreateDialogIndirectParamW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SubtractRect
CopyRect
KillTimer
SetForegroundWindow
SetWindowRgn
SetPropW
SetTimer
EnableWindow
PostQuitMessage
EndDialog
FindWindowExW
PtInRect
SetRect
GetWindowRect
GetKeyState
ShowWindow
SetRectEmpty
IsRectEmpty
GetSystemMetrics
SetCursorPos
GetCursorPos
LoadIconW
TrackMouseEvent
MapWindowPoints
TrackPopupMenuEx
RegisterClassW
GetPropW
RemovePropW
IsWindowEnabled
MonitorFromRect
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
GetWindowThreadProcessId
ScrollWindow
GetScrollInfo
ShowScrollBar
GetDlgItemInt
SetDlgItemInt
SendDlgItemMessageW
InsertMenuW
GetDlgItemTextW
SetDlgItemTextW
MapDialogRect
SetWindowContextHelpId
MonitorFromWindow
wsprintfW
CreatePopupMenu
PostMessageW
SystemParametersInfoW
SetWindowTextW
IsChild
GetFocus
SetFocus
GetDlgItem
IsWindow
RedrawWindow
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
FillRect
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
DialogBoxIndirectParamW
GetWindow
GetClassInfoExW
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuItemCount
EnumChildWindows
DrawIcon
GetCapture
GetClassLongW
GetDlgCtrlID
GetCaretPos
EnumDisplayMonitors
EnumWindows
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
BringWindowToTop
AttachThreadInput
DialogBoxParamW
RegisterClassExW
MessageBoxW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
GetActiveWindow
CharNextW
CreateWindowExW
EndPaint
BeginPaint
GetClientRect
ReleaseCapture
SetCapture
InvalidateRect
GetParent
SetWindowPos
ReleaseDC
GetDC
GetWindowTextLengthW
GetWindowTextW
RegisterWindowMessageW
LoadCursorW
GetSysColor
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetClassNameW
MoveWindow
SendMessageW
FindWindowW
UnregisterClassA

gdi32

ExtTextOutW
OffsetWindowOrgEx
CreateDCW
GetTextExtentPoint32W
EndDoc
StartPage
EndPage
SetPixel
SetBkColor
ExtCreateRegion
LineTo
MoveToEx
CombineRgn
OffsetRgn
ExcludeClipRect
GetTextMetricsW
SetWindowOrgEx
SetTextColor
SetBkMode
CreateFontIndirectW
CreateFontW
GetICMProfileW
CreateDIBSection
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
StartDocW
DeleteObject
CreateSolidBrush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
ord203
EnumPrintersW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

RegSetValueExA
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
SetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

DragQueryFileW
DragAcceptFiles
SHGetFolderPathW
ShellExecuteW
DragFinish
SHGetFolderLocation
SHGetSpecialFolderPathW
ord16
SHCreateDirectoryExW
ord2
ord4
ord21
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetMalloc
SHChangeNotify
SHFileOperationW
ord155
SHOpenFolderAndSelectItems
ord190
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
ord68

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StringFromGUID2
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleCreate
OleSetContainedObject
CoAllowSetForegroundWindow
OleLockRunning

oleaut32

VariantInit
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

shlwapi

StrFormatByteSizeW
StrStrW
PathCanonicalizeW
PathIsDirectoryW

comctl32

_TrackMouseEvent

winmm

timeEndPeriod
PlaySoundW
timeBeginPeriod

imm32

ImmAssociateContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

wininet

HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
InternetReadFile
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionW
HttpOpenRequestA
HttpAddRequestHeadersW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8aa79d4ccaece3046592506dda1faae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

97:7f:93:4a:e7:8a:2f:4d:92:dd:11:3c:da:30:39:27:e2:49:77:a0:db:fc:23:e2:98:35:e7:36:8b:92:a0:c1Signer

56:6c:e9:b7:19:84:61:67:d4:a0:c0:ec:5b:58:d0:99:9c:f3:25:66Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

winmm

imm32

version

crypt32

wintrust

wininet

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

IPPCODE Size: 773KB - Virtual size: 773KB

.rdata Size: 689KB - Virtual size: 688KB

.data Size: 108KB - Virtual size: 130KB

ve_share Size: 2KB - Virtual size: 1KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 167KB - Virtual size: 166KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

97:7f:93:4a:e7:8a:2f:4d:92:dd:11:3c:da:30:39:27:e2:49:77:a0:db:fc:23:e2:98:35:e7:36:8b:92:a0:c1
Signer

56:6c:e9:b7:19:84:61:67:d4:a0:c0:ec:5b:58:d0:99:9c:f3:25:66
Signer

.text
Size: 6.9MB - Virtual size: 6.9MB

IPPCODE
Size: 773KB - Virtual size: 773KB

.rdata
Size: 689KB - Virtual size: 688KB

.data
Size: 108KB - Virtual size: 130KB

ve_share
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 167KB - Virtual size: 166KB