NEAS[.]b9a9d69c04183a9cf773aceb52554000[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b9a9d69c04183a9cf773aceb52554000.exe
Size

231KB
MD5

b9a9d69c04183a9cf773aceb52554000
SHA1

7df89da607b80ea27d17f52240cb65bb04b20f9f
SHA256

8529754154ff0b4fb9ea0acac4ea21a918e6fbc7270d02d6ce1c9ad8b258f91b
SHA512

9893b069e000a6fdf40b55f100f4e730de333e4af056faa1b526f77b54c2bb8f0863ffa5e8fac45bed8007400188ceb920f6898250921834d64e59e00501e3d4
SSDEEP

6144:y0CshD7CcAxBKfylXLeXGIpbmIIGSWcBGR/Dlv:xLhPCdBaIXLYGimPGSfB4pv

Score

1^/10

Malware Config

Signatures

Files

NEAS.b9a9d69c04183a9cf773aceb52554000.exe
.exe windows:4 windows x86

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/04/2010, 00:00

Not After

09/04/2011, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

Actual PE Digest

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
RemoveDirectoryW
DosDateTimeToFileTime
GetEnvironmentStringsW
LoadLibraryA
FileTimeToLocalFileTime
lstrlenA
GlobalDeleteAtom
DeleteAtom
GetSystemDirectoryW
SetLastError
GetTimeFormatW
OpenWaitableTimerW
FlushFileBuffers
GetFullPathNameA
GetMailslotInfo
CreateThread
DuplicateHandle
FindResourceA
GetSystemInfo
GetProcAddress
GetCPInfo
IsBadReadPtr
InitializeCriticalSection
SetComputerNameA
GetAtomNameW

user32

AppendMenuW
MonitorFromPoint
DeleteMenu
MessageBoxIndirectW
DialogBoxParamW
SendDlgItemMessageA
GetClassNameW
GetMenuItemCount
WinHelpA
GetActiveWindow
CopyRect
RegisterClassExW
CreateCaret
MonitorFromWindow
PeekMessageW
CheckMenuItem
SendMessageA
ActivateKeyboardLayout
DrawIcon
CheckDlgButton
CallWindowProcW
GetTopWindow
ReleaseDC
CreateDialogIndirectParamA
GetKeyboardLayout
CharPrevW
GetClassInfoExA
LoadImageW
GetWindowRgn
CharPrevA
GetMenu
SetActiveWindow
UpdateLayeredWindow
GetSysColorBrush
SendDlgItemMessageW
SendMessageW
keybd_event
EnableMenuItem
EnumWindows
SetWindowPos
ClientToScreen
CharUpperW
IsWindow
wsprintfW
InvalidateRgn
SetDlgItemTextW
RegisterClassA
GetClassInfoW
LoadMenuIndirectW

gdi32

GetPixelFormat
SetICMMode
CreateDCW
GetObjectA
EnumFontsA
GetEnhMetaFilePaletteEntries
CreateFontIndirectW
SetDIBColorTable
PolyPolygon
EnumFontsW
LPtoDP
GetPaletteEntries
CloseEnhMetaFile
SelectBrushLocal
EndPage
GetRegionData
Polyline
CheckColorsInGamut
Ellipse

advapi32

RegQueryInfoKeyW
RegReplaceKeyW
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyA
RegRestoreKeyW
RegCloseKey
RegOpenKeyW

shlwapi

StrChrIA
PathCommonPrefixA
PathFindFileNameW
StrRetToBufA
UrlApplySchemeA
SHQueryValueExW
SHDeleteEmptyKeyA
SHRegQueryInfoUSKeyW
PathUnExpandEnvStringsA

urlmon

IsLoggingEnabledA
GetSoftwareUpdateInfo
RegisterFormatEnumerator
ReleaseBindInfo
CoInternetCreateZoneManager
IsJITInProgress
HlinkNavigateString
URLDownloadA
RegisterBindStatusCallback
CoInstall
CreateURLMonikerEx
UrlMkBuildVersion
ObtainUserAgentString

wsock32

SetServiceA
WSAAsyncSelect
MigrateWinsockConfiguration
GetTypeByNameA
recvfrom
rresvport
TransmitFile
getpeername
socket
gethostbyname
WSAGetLastError
send
WSAUnhookBlockingHook
sendto

crypt32

CertFindRDNAttr
I_CryptRegisterSmartCardStore
CertAddEncodedCertificateToSystemStoreW
I_CryptFindSmartCardCertInStore
CertEnumCRLsInStore
I_CryptGetLruEntryIdentifier
I_CertProtectFunction
CryptGetDefaultOIDFunctionAddress
CertRDNValueToStrA
PFXVerifyPassword
I_CryptGetAsn1Decoder
CryptInstallOIDFunctionAddress

Sections

.I
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lEq
Size: 4KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ejkao
Size: 3KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jS
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RuWz
Size: 1KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TsV
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ng
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 174KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aVqhQ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZTNeF
Size: 2KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

urlmon

wsock32

crypt32

Sections

.I Size: 5KB - Virtual size: 5KB

.lEq Size: 4KB - Virtual size: 373KB

.ejkao Size: 3KB - Virtual size: 109KB

.jS Size: 13KB - Virtual size: 12KB

.RuWz Size: 1KB - Virtual size: 227KB

.TsV Size: 4KB - Virtual size: 21KB

.ng Size: 1KB - Virtual size: 416KB

.data Size: 174KB - Virtual size: 378KB

.S Size: 1024B - Virtual size: 3KB

.aVqhQ Size: 4KB - Virtual size: 3KB

.ZTNeF Size: 2KB - Virtual size: 296KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 894B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

.I
Size: 5KB - Virtual size: 5KB

.lEq
Size: 4KB - Virtual size: 373KB

.ejkao
Size: 3KB - Virtual size: 109KB

.jS
Size: 13KB - Virtual size: 12KB

.RuWz
Size: 1KB - Virtual size: 227KB

.TsV
Size: 4KB - Virtual size: 21KB

.ng
Size: 1KB - Virtual size: 416KB

.data
Size: 174KB - Virtual size: 378KB

.S
Size: 1024B - Virtual size: 3KB

.aVqhQ
Size: 4KB - Virtual size: 3KB

.ZTNeF
Size: 2KB - Virtual size: 296KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 894B