NEAS[.]31199cdf42a779f3ac217a07bd4a1460[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.31199cdf42a779f3ac217a07bd4a1460.exe
Size

406KB
MD5

31199cdf42a779f3ac217a07bd4a1460
SHA1

2ca95d1ab364640e42d0be84c7e935c500f3ee87
SHA256

008891e73e703653da5705aa1f6fca994a941d2b35899fccc9277a8b9f9dc8d7
SHA512

71d5cf464a4addccde5bab60346aa879b62c5718d6bdbcedb8b09c6c0d07cc4525334522811c07c5db8d7ae0c25f65feb6025b43c3639e4150724c1cb35a6e12
SSDEEP

6144:28kDfcU4Eu+c30rxsibiLV3Wss60UGZIOvbTK:2HcU4Eu+c3+xVOmVK

Score

1^/10

Malware Config

Signatures

Files

NEAS.31199cdf42a779f3ac217a07bd4a1460.exe
.exe windows:5 windows x64

814068d68f02b829a57a99d8d743bd92

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/03/2011, 00:00

Not After

22/04/2014, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

32:a9:8a:3f:10:e4:cd:59:7f:3c:70:ab:01:28:3b:96:27:8e:6b:b9
Signer

Actual PE Digest

32:a9:8a:3f:10:e4:cd:59:7f:3c:70:ab:01:28:3b:96:27:8e:6b:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

GetCurrentPowerPolicies

kernel32

lstrcmpiA
CloseHandle
GetLocaleInfoA
GetUserDefaultUILanguage
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
FindClose
FindFirstFileA
GetModuleFileNameA
GetModuleHandleW
DeleteFileA
GetVersionExA
CreateProcessA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrlenA
Sleep
LoadLibraryA
CreateMutexA
GetCurrentThreadId
GetCommandLineA
HeapQueryInformation
HeapReAlloc
HeapCreate
GetModuleHandleA
GetProcAddress
GetLastError
SetEndOfFile
ReadFile
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
CompareFileTime
GetSystemPowerStatus
QueryPerformanceCounter
LoadLibraryExA
OutputDebugStringW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapSetInformation
HeapAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
LoadLibraryW
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
SetEvent
OpenEventA
OutputDebugStringA
ExitProcess
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
HeapFree
GetProcessHeap
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
VirtualProtect
VirtualQuery
HeapSize
HeapValidate
IsBadReadPtr
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsAlloc
FlsFree
SetLastError
DebugBreak
GetStdHandle
WriteFile
WriteConsoleW
GetFileType
GetTickCount

user32

KillTimer
SetTimer
CharNextW
PostThreadMessageA
CharNextA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
RegisterClassA
CreateWindowExA
DispatchMessageA
GetMessageA
PostQuitMessage
RegisterDeviceNotificationA
DefWindowProcA
EnumDisplayDevicesA
SendNotifyMessageA
FindWindowA
RegisterWindowMessageA
PostMessageA
ChangeDisplaySettingsA

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
SetThreadToken
RevertToSelf
OpenThreadToken
RegOpenKeyA

shell32

SHGetFolderPathA
ShellExecuteExA
SHCreateDirectoryExA

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoSuspendClassObjects
CoTaskMemAlloc
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
VariantClear

hccutils

LoadSTRING

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

814068d68f02b829a57a99d8d743bd92

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6fCertificate

Extended Key Usages

Key Usages

32:a9:8a:3f:10:e4:cd:59:7f:3c:70:ab:01:28:3b:96:27:8e:6b:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

kernel32

user32

advapi32

shell32

ole32

oleaut32

hccutils

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6f
Certificate

32:a9:8a:3f:10:e4:cd:59:7f:3c:70:ab:01:28:3b:96:27:8e:6b:b9
Signer

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB