NEAS[.]248d4c12215956638a1c50bee2ea6170[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.248d4c12215956638a1c50bee2ea6170.exe
Size

4.7MB
MD5

248d4c12215956638a1c50bee2ea6170
SHA1

25c153e93f0a050a3461d44dee23f2fa931767f3
SHA256

76bb5a4f4deca92b2ab6f3d279b346b251e384d4f021065b8eb8a6dd7ad1d8a5
SHA512

d96496901bc6f851724c69c8e1bc2a5e1a47426fc07da56e250061919e043f8ad18f121c962c84793a119465c6c689a797ec493e12dc845a6a6d3c7c957c189e
SSDEEP

49152:djkvg9jm8+NLDmfjVUHxvbtwfKlQ5incdd4JjqPXSKqV3k8OD9/v6MaMMEHc:iugxvAMJjq6KK8X8V

Score

1^/10

Malware Config

Signatures

Files

NEAS.248d4c12215956638a1c50bee2ea6170.exe
.dll regsvr32 windows:5 windows x64

1a4f6cd6c770441397cab84fe2d7b1b1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:47:75:35:c6:83:43:ba:71:c7:4d:70:b9:e9:7d:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/09/2014, 00:00

Not After

07/09/2015, 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:d5:72:9c:4a:04:2c:d4:03:8d:a0:5f:80:4b:21:cb:21:f6:c5:8f
Signer

Actual PE Digest

8f:d5:72:9c:4a:04:2c:d4:03:8d:a0:5f:80:4b:21:cb:21:f6:c5:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipAlloc
GdipCloneImage
GdiplusStartup
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDeleteBrush
GdipCreateLineBrushI
GdipFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQueryUserToken

winmm

PlaySoundW

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathCombineW

comctl32

ImageList_GetIconSize

msimg32

AlphaBlend
GradientFill
TransparentBlt

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

kernel32

RtlUnwindEx
HeapReAlloc
ExitThread
CreateThread
ExitProcess
HeapSize
HeapQueryInformation
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
GetDateFormatA
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetTimeZoneInformation
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
LCMapStringW
GetStringTypeW
SetHandleCount
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
WTSGetActiveConsoleSessionId
LoadLibraryA
ExpandEnvironmentStringsA
RtlPcToFileHeader
EncodePointer
DecodePointer
VirtualProtect
GetUserDefaultLCID
SearchPathW
GetTickCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
lstrcpyW
GetCurrentDirectoryW
GlobalGetAtomNameW
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileW
DeleteFileW
GetFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlLookupFunctionEntry
WaitForMultipleObjects
GetProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ConvertDefaultLocale
GetSystemDefaultUILanguage
FormatMessageA
ResumeThread
SetThreadPriority
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
CopyFileW
GlobalSize
FormatMessageW
GetCurrentThread
OpenProcess
lstrlenA
FindClose
FindFirstFileW
GetFileAttributesW
GetLocaleInfoW
lstrcmpW
SetThreadLocale
GetThreadLocale
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
TerminateThread
SuspendThread
CreateEventW
ResetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
LockResource
ActivateActCtx
DeactivateActCtx
LoadLibraryW
FreeResource
FindResourceExW
lstrcpynW
ProcessIdToSessionId
GetCurrentProcessId
GetUserDefaultUILanguage
GetSystemDefaultLCID
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
Sleep
lstrlenW
MulDiv
GetFileSizeEx
WideCharToMultiByte
WriteFile
ReleaseMutex
ExpandEnvironmentStringsW
CreateMutexW
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
LocalFree
CloseHandle
LocalAlloc
GetProcAddress
SetLastError
GetLastError
VerifyVersionInfoW
CreateFileW
GetModuleFileNameW
GetSystemDirectoryW
GetModuleHandleW
OutputDebugStringW
VerSetConditionMask
LoadLibraryExW
CreateProcessW
FreeLibrary
lstrcmpA
GetFullPathNameW
GetCommandLineA
FlsSetValue
GetFileAttributesExW
GetTimeFormatA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
RemoveDirectoryW
CreateDirectoryW
SetStdHandle

gdi32

GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
SetPixel
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextMetricsW
DPtoLP
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CopyMetaFileW
CreateHatchBrush
GetObjectType
SelectPalette
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
UnrealizeObject
Rectangle
CreatePen
CreateDCW
FillRgn
SetBrushOrgEx
CreateRoundRectRgn
GetTextExtentPointW
SetBkMode
PatBlt
CreateBrushIndirect
SetBkColor
SetStretchBltMode
CreateBitmap
GetPixel
RoundRect
TextOutW
CreatePatternBrush
CreateDIBSection
SetTextColor
GetTextColor
DeleteDC
GetStockObject
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject
StretchBlt
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
AccessCheck
FreeSid
ImpersonateSelf
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
TraceMessage
RegCloseKey
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW

ole32

DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoInitialize
OleDuplicateData
ReleaseStgMedium
StringFromGUID2
CreateStreamOnHGlobal
OleGetClipboard
CoFreeUnusedLibrariesEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
CoUninitialize
RegisterDragDrop

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
RegisterTypeLi

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Exports

Exports

?IsAvailable@NotificationIcon@UI@UXDriver@Nvidia@@SA_NXZ
?IsRunning@NotificationIcon@UI@UXDriver@Nvidia@@SA_NXZ
?IsThemedMessageWindowOpen@NotificationIcon@UI@UXDriver@Nvidia@@SA_NXZ
?Refresh@NotificationIcon@UI@UXDriver@Nvidia@@SAXXZ
?ShowBalloon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NIIIPEB_W000@Z
?ShowBalloon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NIIKPEB_W00@Z
?ShowBalloon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NIIPEAUHICON__@@PEB_W11@Z
?ShowBalloon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NPEB_W0KPEAUHICON__@@00@Z
?ShowThemedBalloon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NPEB_W0KPEAUHICON__@@0@Z
?ShowThemedMessageWindow@NotificationIcon@UI@UXDriver@Nvidia@@SA_NPEB_W0KPEAUHICON__@@0@Z
?StartNotificationIcon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NW4LoadPluginOption@234@W4QuitOption@234@W4EventFlag@234@@Z
?UpdateTrayIcon@NotificationIcon@UI@UXDriver@Nvidia@@SA_NPEB_W_N1@Z
CloseCloneToFitUI
DisplayTooltipWithExecuteW
DisplayTooltipWithoutExecuteW
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetWFDSyncHandle
InitilizeResourceHandle
IsNotificationIconAvailable
IsThemedMessageWindowOpen
IsZoomCloneRegionTrayIconRequired
SelectRegion
SetNotToRefreshTray
Show3DProfileInfo
Show3DProfileInfoW
ShowBalloon
ShowHCloneHotplugDialog
ShowPowerNotification
ShowSLIBlockingAppsDlg
ShowSurroundNotification
ShowThemedBalloon
ShowThemedMessageWindow
ShowVideoBridgeNotification
StartWFDNotificationIcon
StopNotificationIcon
StopNotificationIconW
UpdateTrayIcon

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4f6cd6c770441397cab84fe2d7b1b1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

5e:47:75:35:c6:83:43:ba:71:c7:4d:70:b9:e9:7d:5bCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8f:d5:72:9c:4a:04:2c:d4:03:8d:a0:5f:80:4b:21:cb:21:f6:c5:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

version

wtsapi32

winmm

shlwapi

comctl32

msimg32

userenv

imm32

kernel32

gdi32

comdlg32

winspool.drv

advapi32

ole32

oleaut32

oleacc

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 835KB - Virtual size: 835KB

.data Size: 71KB - Virtual size: 128KB

.pdata Size: 110KB - Virtual size: 109KB

text Size: 3KB - Virtual size: 2KB

data Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 93KB - Virtual size: 93KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

5e:47:75:35:c6:83:43:ba:71:c7:4d:70:b9:e9:7d:5b
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8f:d5:72:9c:4a:04:2c:d4:03:8d:a0:5f:80:4b:21:cb:21:f6:c5:8f
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 835KB - Virtual size: 835KB

.data
Size: 71KB - Virtual size: 128KB

.pdata
Size: 110KB - Virtual size: 109KB

text
Size: 3KB - Virtual size: 2KB

data
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 93KB - Virtual size: 93KB