NEAS[.]13b527d5e359e30407efc069483c4aa0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.13b527d5e359e30407efc069483c4aa0.exe
Size

1.0MB
MD5

13b527d5e359e30407efc069483c4aa0
SHA1

2ed208c9f544c95b61f0e84ae16bb81e817b6489
SHA256

167d76a4cb3cec6fbfac71cd2d6fd02e95269883a1d2ead038c0a574b103c245
SHA512

116261d230bd8f11b715ae093c10465036b7404fef603fe9795640d673cb145d00ccd2de1d8f38b23c0f3c617f346fa0d217af6f84563d07ad76e59c9c1e9030
SSDEEP

12288:IAUQNL43okYsYB5uBpDRTCpCRE6ei3KmOsbBtO8wZOiyG8wkR44Te9SD48m3KUU6:FNL43okLYB5uBtfi/gbTRtidwo

Score

1^/10

Malware Config

Signatures

Files

NEAS.13b527d5e359e30407efc069483c4aa0.exe
.dll windows:4 windows x64

dc85c910be5ac503916de41c10fe7ef9

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/02/2016, 00:00

Not After

22/04/2019, 12:00

Subject

CN=Wireshark Foundation\, Inc.,O=Wireshark Foundation\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/02/2016, 00:00

Not After

22/04/2019, 12:00

Subject

CN=Wireshark Foundation\, Inc.,O=Wireshark Foundation\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f3:57:2c:c3:ff:51:dd:17:36:58:1b:ea:35:8e:ad:2a:98:37:4e:52:e7:fa:14:06:a6:c7:ec:b4:4a:fe:1b:f1
Signer

Actual PE Digest

f3:57:2c:c3:ff:51:dd:17:36:58:1b:ea:35:8e:ad:2a:98:37:4e:52:e7:fa:14:06:a6:c7:ec:b4:4a:fe:1b:f1

Digest Algorithm

sha256

PE Digest Matches

true

cb:e2:0e:cc:41:ab:8f:f7:e3:94:64:35:08:e2:31:3e:33:47:b2:e5
Signer

Actual PE Digest

cb:e2:0e:cc:41:ab:8f:f7:e3:94:64:35:08:e2:31:3e:33:47:b2:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error6-0

gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror
gpg_strsource
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_unlock

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenFileMappingA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_errno
_exit
_fstat64
_initterm
_lock
_onexit
_snwprintf
_time64
_unlock
_vsnprintf
abort
atoi
calloc
clock
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fread
free
fwprintf
fwrite
getenv
iscntrl
isspace
isxdigit
malloc
memcmp
memcpy
memmove
memset
raise
realloc
signal
sprintf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strpbrk
strtoul
vfprintf
wcscpy
_write
_stricmp
_read
_open
_getpid
_close
_access

user32

GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
MessageBoxW

Exports

Exports

_gcry_mpi_get_const
gcry_calloc
gcry_calloc_secure
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_authenticate
gcry_cipher_checktag
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_gettag
gcry_cipher_info
gcry_cipher_map_name
gcry_cipher_mode_from_oid
gcry_cipher_open
gcry_cipher_setctr
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_ctx_release
gcry_err_code_from_errno
gcry_err_code_to_errno
gcry_err_make_from_errno
gcry_error_from_errno
gcry_free
gcry_is_secure
gcry_kdf_derive
gcry_log_debug
gcry_log_debughex
gcry_log_debugmpi
gcry_log_debugpnt
gcry_log_debugsxp
gcry_mac_algo_info
gcry_mac_algo_name
gcry_mac_close
gcry_mac_ctl
gcry_mac_get_algo
gcry_mac_get_algo_keylen
gcry_mac_get_algo_maclen
gcry_mac_map_name
gcry_mac_open
gcry_mac_read
gcry_mac_setiv
gcry_mac_setkey
gcry_mac_verify
gcry_mac_write
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_extract
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_hash_buffers
gcry_md_info
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_setkey
gcry_md_write
gcry_mpi_abs
gcry_mpi_add
gcry_mpi_add_ui
gcry_mpi_addm
gcry_mpi_aprint
gcry_mpi_clear_bit
gcry_mpi_clear_flag
gcry_mpi_clear_highbit
gcry_mpi_cmp
gcry_mpi_cmp_ui
gcry_mpi_copy
gcry_mpi_div
gcry_mpi_dump
gcry_mpi_ec_add
gcry_mpi_ec_curve_point
gcry_mpi_ec_decode_point
gcry_mpi_ec_dup
gcry_mpi_ec_get_affine
gcry_mpi_ec_get_mpi
gcry_mpi_ec_get_point
gcry_mpi_ec_mul
gcry_mpi_ec_new
gcry_mpi_ec_set_mpi
gcry_mpi_ec_set_point
gcry_mpi_ec_sub
gcry_mpi_gcd
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_invm
gcry_mpi_is_neg
gcry_mpi_lshift
gcry_mpi_mod
gcry_mpi_mul
gcry_mpi_mul_2exp
gcry_mpi_mul_ui
gcry_mpi_mulm
gcry_mpi_neg
gcry_mpi_new
gcry_mpi_point_get
gcry_mpi_point_new
gcry_mpi_point_release
gcry_mpi_point_set
gcry_mpi_point_snatch_get
gcry_mpi_point_snatch_set
gcry_mpi_powm
gcry_mpi_print
gcry_mpi_randomize
gcry_mpi_release
gcry_mpi_rshift
gcry_mpi_scan
gcry_mpi_set
gcry_mpi_set_bit
gcry_mpi_set_flag
gcry_mpi_set_highbit
gcry_mpi_set_opaque
gcry_mpi_set_opaque_copy
gcry_mpi_set_ui
gcry_mpi_snatch
gcry_mpi_snew
gcry_mpi_sub
gcry_mpi_sub_ui
gcry_mpi_subm
gcry_mpi_swap
gcry_mpi_test_bit
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_decrypt
gcry_pk_encrypt
gcry_pk_genkey
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_pk_get_nbits
gcry_pk_get_param
gcry_pk_map_name
gcry_pk_sign
gcry_pk_testkey
gcry_pk_verify
gcry_prime_check
gcry_prime_generate
gcry_prime_group_generator
gcry_prime_release_factors
gcry_pubkey_get_sexp
gcry_random_add_bytes
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_allocation_handler
gcry_set_fatalerror_handler
gcry_set_gettext_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_alist
gcry_sexp_append
gcry_sexp_build
gcry_sexp_build_array
gcry_sexp_cadr
gcry_sexp_canon_len
gcry_sexp_car
gcry_sexp_cdr
gcry_sexp_cons
gcry_sexp_create
gcry_sexp_dump
gcry_sexp_extract_param
gcry_sexp_find_token
gcry_sexp_length
gcry_sexp_new
gcry_sexp_nth
gcry_sexp_nth_buffer
gcry_sexp_nth_data
gcry_sexp_nth_mpi
gcry_sexp_nth_string
gcry_sexp_prepend
gcry_sexp_release
gcry_sexp_sprint
gcry_sexp_sscan
gcry_sexp_vlist
gcry_strdup
gcry_strerror
gcry_strsource
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

Sections

.text
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc85c910be5ac503916de41c10fe7ef9

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

f3:57:2c:c3:ff:51:dd:17:36:58:1b:ea:35:8e:ad:2a:98:37:4e:52:e7:fa:14:06:a6:c7:ec:b4:4a:fe:1b:f1Signer

cb:e2:0e:cc:41:ab:8f:f7:e3:94:64:35:08:e2:31:3e:33:47:b2:e5Signer

Headers

File Characteristics

Imports

libgpg-error6-0

advapi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 776KB - Virtual size: 776KB

.data Size: 24KB - Virtual size: 24KB

.rdata Size: 181KB - Virtual size: 180KB

.pdata Size: 14KB - Virtual size: 14KB

.xdata Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 3KB

.edata Size: 6KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:16:ae:9f:0a:11:d3:80:47:cd:da:82:37:69:f5:20
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

f3:57:2c:c3:ff:51:dd:17:36:58:1b:ea:35:8e:ad:2a:98:37:4e:52:e7:fa:14:06:a6:c7:ec:b4:4a:fe:1b:f1
Signer

cb:e2:0e:cc:41:ab:8f:f7:e3:94:64:35:08:e2:31:3e:33:47:b2:e5
Signer

.text
Size: 776KB - Virtual size: 776KB

.data
Size: 24KB - Virtual size: 24KB

.rdata
Size: 181KB - Virtual size: 180KB

.pdata
Size: 14KB - Virtual size: 14KB

.xdata
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB