NEAS[.]03c03a2591f4774e082d648a3b93e370[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.03c03a2591f4774e082d648a3b93e370.exe
Size

618KB
MD5

03c03a2591f4774e082d648a3b93e370
SHA1

1a94852d1000e2c2561b31a01d1a096389fa9256
SHA256

efd35a37ec3a53ed5eda696e62e859630eea14750909090c3ad6175ca83e77fa
SHA512

9322529fbdbea4a27675b2e06a588aabb2dece7e7e53552ffe779447a47c706eb7092eaea7e21155a8598c9fa4bbdd04964beba25565657eadeac84195d3483e
SSDEEP

12288:rYd7yR2a7i2HWGXY3u4umM5Jv0G4n7ENhMm:r8c2V3u4g5doEB

Score

1^/10

Malware Config

Signatures

Files

NEAS.03c03a2591f4774e082d648a3b93e370.exe
.exe windows:4 windows x86

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:ea:9a:cf:83:fb:4c:50:2f:5e:a7:28:4e:dd:45:0f:af:d4:a4:e5
Signer

Actual PE Digest

39:ea:9a:cf:83:fb:4c:50:2f:5e:a7:28:4e:dd:45:0f:af:d4:a4:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharW
RegisterDeviceNotificationW
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackA
GetGuiResources
GetWindowTextLengthA
SetWindowPos
GetClientRect
IsCharUpperA
CreateMDIWindowA
LoadKeyboardLayoutA
GetMenuBarInfo
SetClassLongA
ShowWindowAsync
GetCapture
DrawTextExW
wsprintfA
IsMenu
GetKeyboardLayoutNameA
UnloadKeyboardLayout
LoadCursorFromFileA
AdjustWindowRectEx
SetMenuItemInfoA
DefFrameProcW
GetWindowThreadProcessId
MessageBoxTimeoutW
GetMessageA
EnumDisplaySettingsW
CopyAcceleratorTableA
GetClipboardFormatNameA
SubtractRect
SendMessageTimeoutW
OemToCharBuffW
RegisterClipboardFormatA
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringA
LoadCursorW
SetClassLongW
GetTabbedTextExtentA
GetAncestor
UnhookWindowsHook
GetClassInfoExW
LoadCursorFromFileW
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsW
DefDlgProcW
SystemParametersInfoA
DlgDirListW
SystemParametersInfoW
FindWindowW
MessageBoxTimeoutA
PeekMessageW
HideCaret
MessageBoxIndirectW
GetKeyboardLayoutNameW
CloseDesktop
GetUserObjectInformationW
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuW
PostThreadMessageW
GetKeyboardState
SetDlgItemTextW
GetMenuItemInfoA
RealGetWindowClassA
GetUpdateRgn
IsDialogMessageA
UnregisterHotKey
GetMonitorInfoW
GetWindowWord
GetCursorPos
FindWindowA
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsA
CreateDialogIndirectParamW
UpdateWindow
GetClipboardFormatNameW
BroadcastSystemMessageExW
InsertMenuA
BroadcastSystemMessageExA
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxW
IsCharAlphaNumericW
OpenWindowStationW
SetCaretPos
GetWindowTextW
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessA
lstrcmpiW
SetErrorMode
ReplaceFile
IsBadStringPtrA
AddAtomW
EnumResourceNamesA
HeapReAlloc
GetCalendarInfoW
FindFirstFileExW
SetFileShortNameA
VerLanguageNameA
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameW
CreateDirectoryW
GetPrivateProfileIntW
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterW
GetModuleHandleExA
GetConsoleCursorInfo
GetPrivateProfileStringW
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryW
WaitNamedPipeA
GetStringTypeExW
SetEnvironmentVariableW
LZInit
CompareStringW
Heap32First
BuildCommDCBAndTimeoutsA
CreateProcessInternalA
FileTimeToLocalFileTime
WriteConsoleOutputW
ScrollConsoleScreenBufferW
OpenEventA
FindClose
GetDiskFreeSpaceExW
ConnectNamedPipe
EnumSystemLanguageGroupsW
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntW
FlushConsoleInputBuffer
GetNamedPipeHandleStateW
GetThreadSelectorEntry
LocalSize
GetStringTypeW
GetTimeFormatW
CreateFileW
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameW
PulseEvent
FindFirstVolumeMountPointA
lstrcpyn
lstrcpyA
QueryDosDeviceA
ExpandEnvironmentStringsA
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeW
GetTimeZoneInformation
FindFirstChangeNotificationW
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextA
PageSetupDlgA
ChooseFontA

shell32

ShellExec_RunDLL
InternalExtractIconListW

Exports

Exports

'ht-�q�r�~��뇢��v�(�{�0ayA a��a�*j��@2'�.?"��}��ݒ��,Ч�o�W��!��M�C�M��枖�0ǍL�!!�w�ź�š��DjDl�=rmF�F�B��{�؛��!��y�Fn ��w )7DZ�+�42��x�?�&��`C�78do�p�yF��wx��T��J�x�[��X=��>�-#�)"�W��?gcx��hk�p�1]�O�]�;�ϏϚ,q��v~�v��,��۲��D{䜨NN�P�)W>X�B�3y��O@�\�y��x�Ʉ7mju;�� 2�]R��t��n��6�`e��_|�Z�U��d��Ï��ؓ%�pY�� sqP��?�`��M��Ct9�N�x��u��.](Sw�4@S��.��h;�+�X�c췫��l��m1��'��8�34��Ԍ)��q��*��ˁ�?��d�B��Fe�fr��rt�kY��~�-��Ԟ��[�C��q��-~ &�l��mxj�`<�?� �lpH�< y�G�*�g��d�9�[��&�m��z9�%��!��~a��p%�:��w��Y�U��δ��o�,��EZў�huw^5p�魟��Y�n��>��~�TФ Ԯ民7?s��֫�4�� uLcH�44��[��%�F-ث� ~M9�{�o��8��z��4?�^��Fnko�Ҍ�}Q ��S@��Д\��hERI��U��DMeT�l�؟��pZh�v�K��JN��Nkǻ��<W��$��r��kQ@�ØF 15G�5m��i�Φ� ��4�kBOnZ9��9��=�8MD��&LN0�\ɶ d�d�cD ��-��t�s�`7�R�_�� ɛ��wؿܹ!�z~4ky/իQ��h��j�\1��5Y�ʰE2�g�צ��f�9�JH��V��O׋��h�֣�l�|�@��h0G�0��m��]�?W@<�s�-՞��6� ��_PG��Ή��3y��!��u!�My��,[�D�>H��0�S��ўfp��v�nLH�NZ�n.�/�i3*��d��R�b_��=I�uU�e�x�c�M�#�17��ӆ��p��T�X>(�\ Cg7F'io�II�Ç��b��_�:観x/g>� `6�~h��h��2��L�0��f� C"�`�`�/[��SIR3�ЇiZ�.��F�_w�s�)Y�=�Ho�)��G'��=��f��@��MP7 ��=��[H�$�^��t��5�ň@�.��r��հ<��e��mS�,��4d4ǂ��A�v��R�hm�}�$�.�P��s�V��P�ڃ��Ä��O�V].f�!�SY=eˎԯ�7��K�?H�ޚ��9j��}�]�'H$M�~��*{��:�$s�r|Umf�.Q�Opy�Л`V��`��1m��N[#'�m�G�cKi��E��P�?��檈2�͙c6`��:�W�+�P��>�QO Ԅ ��gx�� j�W��Cn�J��@n��5�� d��9�(&�3^�+�G��Hz��x'52�A��f�c�3KuCB7=��J�|`��eА��꠵�� k:k��b%�u��O�Pz??�}��2��R�j�.�(u�԰��bNgr~RӣmeW��ڕӿ�m��=��rn�VI�� v��@C�a�L(�s�2T~��#�,59�س[ ��K��EK�^b�T�zx�߁��w#�Ɛ%��5��g��&��&��\�#��s��)�l]��W�SJ1��FaÈ�Ђ��ʙ�bG��T�k��Ál�5��!��mog�.-j^��<@/��H�(��0�I�u�Hj��r��o��P�G2�Y8&��bWO77�d��18о��E��ܫ%d��R3p��`��B.��(V �r0:r�d�,��i,<I[��J��T�i��]� ^*�n'�:榾J��3�_��P�T��e��V �e 4��5�� A&�_'��Qߪ�p0)'Iϫ��/8��9��<(�gth�ՙ�Ɍ�S[��KS9(��X��ٵ ��Ǳ�ƈ�B_��ao�J��1n�wЊ�6�U��8�pK)��,��/� �Pi�G�� z�{��I'T�˭�p4��zM6'��r�\� �%��.��/A��'G�B#��>�a) �/��Z��a�\��#X�~~�zx4��!��!��;�-�ܘ�.��IjiU��_uv|��_�Lu#��]�5��4�R,y��iZ�D�Ά��좂��N��D/�%R%�[��C��mF|o� ��W�_��!'��٣� ⷙ�2R� IE>/4��:|r�k!d�3��^�ȃ�J�$��(�ЕAe��+��~D��o=//?H��rƑT\��?kd��5�}9 � ]�#��>"�Z{�� ~ X�p��-$�_��x?F_��HW��ӊ!c�]�;�L��oѩ��ħb��$�&�oG�蘫j�ep��L6�z��@�~�j��a�|z��7 �T��# ��Ef��-�G�� ;uM0&��&��6i�@��\Bmet��-�H� ��S}�P'��3��{嫒C��/�S`j��KHc�*p��ߖ�PG�]`q m[Uޱ��è��ߗ��@W�\|!�tS��[�p� ��7ѝx��\݆�@2�zq&?6�q��K��<�^�E� �%��|?T�%@�}�8�PD>`��cp��4�JS�y݆ߕ1��t \3(s��7��+f��{M��}��a�)�p��%�b� �!��j��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

39:ea:9a:cf:83:fb:4c:50:2f:5e:a7:28:4e:dd:45:0f:af:d4:a4:e5Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 19KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

39:ea:9a:cf:83:fb:4c:50:2f:5e:a7:28:4e:dd:45:0f:af:d4:a4:e5
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 19KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB