NEAS[.]fd9aad16400b3ff662bdd8b2a7033b40[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.fd9aad16400b3ff662bdd8b2a7033b40.exe
Size

508KB
MD5

fd9aad16400b3ff662bdd8b2a7033b40
SHA1

2ce147e8b40e2c49e4046a7f5712070d2955bb52
SHA256

99a6dd5163c793b714de11ecbc56a93c4e04fc021cf81697f4b43b6e35b2ac08
SHA512

f2f848c7db73f78d1a03c88537fb40907d2ece8266701fbb4a3e8b1c5953bd3e9907c4dc55b0217504b7b7075874f3c7da979d32c411898a1fbd7ecaed074ae7
SSDEEP

6144:KAC+m9CWOyhjA1HjvU8qIPOL9ztwp2xE9:LC+m/OxjsvM2

Score

1^/10

Malware Config

Signatures

Files

NEAS.fd9aad16400b3ff662bdd8b2a7033b40.exe
.exe windows:4 windows x86

c4477013e1acf341288e9159dc31b65f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:fc:e8:84:65:26:34:ba:17:f6:48:bc:5b:e6:f3:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2014, 00:00

Not After

12/07/2017, 23:59

Subject

CN=Avid Technology\, Inc.,O=Avid Technology\, Inc.,L=Burlington,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:9d:73:b6:21:d2:6f:22:bf:71:a9:74:9e:43:a1:d9:b7:67:b9:57
Signer

Actual PE Digest

27:9d:73:b6:21:d2:6f:22:bf:71:a9:74:9e:43:a1:d9:b7:67:b9:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW
WTSQueryUserToken

kernel32

FormatMessageW
GetLastError
GetCurrentThreadId
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
GetModuleHandleW
GetProcAddress
OutputDebugStringW
WTSGetActiveConsoleSessionId
GetVersionExW
OpenProcess
CloseHandle
CreateProcessW
LocalFree
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
GetExitCodeThread
EnterCriticalSection
Sleep
SetThreadPriority
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
CreateDirectoryW
LoadLibraryW
FreeLibrary
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
ResumeThread
SetThreadPriorityBoost

user32

MessageBoxW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetMessageW
DispatchMessageW
PostThreadMessageW

advapi32

RegisterServiceCtrlHandlerExW
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
StartServiceCtrlDispatcherW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
AllocateAndInitializeSid
FreeSid
RegCloseKey
SetServiceStatus

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ

msvcr80

_wcsicmp
wcscmp
?what@exception@std@@UBEPBDXZ
memcmp
wcsstr
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
towupper
_purecall
wcsspn
wcscpy_s
vswprintf_s
_CxxThrowException
__CxxFrameHandler3
__RTtypeid
isalnum
strncpy_s
strcspn
_vsnwprintf_s
_wcsrev
_vsnprintf_s
wcstok_s
strtok_s
_wtof
_atoi64
wcspbrk
_waccess
_fstat64i32
_chsize
_read
_lseek
_write
_wremove
_wunlink
_close
_wsopen_s
_invalid_parameter_noinfo
__clean_type_info_names_internal
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
_invoke_watson
_controlfp_s
memcpy
wcsnlen
towlower
_wtoi
malloc
wcsncpy_s
calloc
??3@YAXPAX@Z
??2@YAPAXI@Z
realloc
wcsrchr
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcscat_s
memmove
__RTDynamicCast
memset
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
??0exception@std@@QAE@XZ
free
wcscspn

wintrust

WinVerifyTrust

mfc80u

ord3383

shlwapi

PathRemoveFileSpecW

oleaut32

SysFreeString

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4477013e1acf341288e9159dc31b65f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

32:fc:e8:84:65:26:34:ba:17:f6:48:bc:5b:e6:f3:6fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

27:9d:73:b6:21:d2:6f:22:bf:71:a9:74:9e:43:a1:d9:b7:67:b9:57Signer

Headers

File Characteristics

Imports

setupapi

wtsapi32

kernel32

user32

advapi32

msvcp80

msvcr80

wintrust

mfc80u

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 296KB - Virtual size: 295KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

32:fc:e8:84:65:26:34:ba:17:f6:48:bc:5b:e6:f3:6f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

27:9d:73:b6:21:d2:6f:22:bf:71:a9:74:9e:43:a1:d9:b7:67:b9:57
Signer

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 296KB - Virtual size: 295KB