NEAS[.]ec0fdc8e0906b2f3d782809b2a132150[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ec0fdc8e0906b2f3d782809b2a132150.exe
Size

36KB
MD5

ec0fdc8e0906b2f3d782809b2a132150
SHA1

ee624a330f7d54b8beb43ffd1bcde3ed061087cf
SHA256

a75021e188d90ce0bc7e0eba9a0a51a2d0f06cb22d1854cadf1360f259f27bba
SHA512

735966b7d185854540ece4bb87d734cb1bbdf2b68d6ed91fd6c101a6727aa255c49c07e1122d443cff4d518977ead626d5807782878f496f8d787d2168040412
SSDEEP

768:KOD1v7m97FR4z5cx6hkOpP/f3TU4dsAMxkEZp:/ZIH2cx6hbpP/f3TU4UxL

Score

1^/10

Malware Config

Signatures

Files

NEAS.ec0fdc8e0906b2f3d782809b2a132150.exe
.dll windows:4 windows x64

eca3e12d4ee7052c2e2e6882e074b4a8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:c9:04:ed:a5:be:ce:83:b1:23:95:7e:bf:08:6d:a1:24:1b:c9:5f:78:20:0c:ef:ae:00:fe:dd:b8:81:0d:f3
Signer

Actual PE Digest

ac:c9:04:ed:a5:be:ce:83:b1:23:95:7e:bf:08:6d:a1:24:1b:c9:5f:78:20:0c:ef:ae:00:fe:dd:b8:81:0d:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libkf5archive

_ZN4KZipC1EP9QIODevice
_ZN4KZipD1Ev
_ZN8KArchive4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZNK17KArchiveDirectory5entryERK7QString
_ZNK8KArchive9directoryEv

qt5core

_Z7qstrcmpRK10QByteArrayPKc
_ZN10QArrayData10deallocateEPS_yy
_ZN10QByteArrayC1EPKci
_ZN15QtSharedPointer20ExternalRefCountData9getAndRefEPK7QObject
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10timerEventEP11QTimerEvent
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject13connectNotifyERK11QMetaMethod
_ZN7QObject16disconnectNotifyERK11QMetaMethod
_ZN7QObject5eventEP6QEvent
_ZN9QIODevice4peekEPcx
_ZNK11QObjectData17dynamicMetaObjectEv
_ZNK14QMessageLogger7warningEPKcz
_ZNK9QIODevice10isReadableEv
_ZNK9QIODevice6isOpenEv

qt5gui

_ZN14QImageIOPlugin11qt_metacallEN11QMetaObject4CallEiPPv
_ZN14QImageIOPlugin11qt_metacastEPKc
_ZN14QImageIOPlugin16staticMetaObjectE
_ZN14QImageIOPluginC2EP7QObject
_ZN14QImageIOPluginD2Ev
_ZN15QImageIOHandler11jumpToImageEi
_ZN15QImageIOHandler15jumpToNextImageEv
_ZN15QImageIOHandler5writeERK6QImage
_ZN15QImageIOHandler9setDeviceEP9QIODevice
_ZN15QImageIOHandler9setFormatERK10QByteArray
_ZN15QImageIOHandler9setOptionENS_11ImageOptionERK8QVariant
_ZN15QImageIOHandlerC2Ev
_ZN15QImageIOHandlerD2Ev
_ZN6QImage12loadFromDataEPKhiPKc
_ZNK15QImageIOHandler10imageCountEv
_ZNK15QImageIOHandler14nextImageDelayEv
_ZNK15QImageIOHandler14supportsOptionENS_11ImageOptionE
_ZNK15QImageIOHandler16currentImageRectEv
_ZNK15QImageIOHandler18currentImageNumberEv
_ZNK15QImageIOHandler4nameEv
_ZNK15QImageIOHandler6deviceEv
_ZNK15QImageIOHandler6optionENS_11ImageOptionE
_ZNK15QImageIOHandler9loopCountEv
_ZNK15QImageIOHandler9setFormatERK10QByteArray

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
strcmp
strlen
strncmp
vfprintf

libstdc++-6

_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdlPv
_ZdlPvy
_Znwy
__cxa_guard_acquire
__cxa_guard_release

Exports

Exports

_ZN10OraHandler4readEP6QImage
_ZN10OraHandler7canReadEP9QIODevice
_ZN10OraHandlerC1Ev
_ZN10OraHandlerC2Ev
_ZN10OraHandlerD0Ev
_ZN10OraHandlerD1Ev
_ZN9OraPlugin11qt_metacallEN11QMetaObject4CallEiPPv
_ZN9OraPlugin11qt_metacastEPKc
_ZN9OraPlugin16staticMetaObjectE
_ZN9OraPlugin18qt_static_metacallEP7QObjectN11QMetaObject4CallEiPPv
_ZN9OraPluginD0Ev
_ZN9OraPluginD1Ev
_ZNK10OraHandler7canReadEv
_ZNK9OraPlugin10metaObjectEv
_ZNK9OraPlugin12capabilitiesEP9QIODeviceRK10QByteArray
_ZNK9OraPlugin6createEP9QIODeviceRK10QByteArray
_ZTI10OraHandler
_ZTI14QImageIOPlugin
_ZTI15QImageIOHandler
_ZTI7QObject
_ZTI9OraPlugin
_ZTS10OraHandler
_ZTS14QImageIOPlugin
_ZTS15QImageIOHandler
_ZTS7QObject
_ZTS9OraPlugin
_ZTV10OraHandler
_ZTV9OraPlugin
qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/16
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eca3e12d4ee7052c2e2e6882e074b4a8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ac:c9:04:ed:a5:be:ce:83:b1:23:95:7e:bf:08:6d:a1:24:1b:c9:5f:78:20:0c:ef:ae:00:fe:dd:b8:81:0d:f3Signer

Headers

DLL Characteristics

File Characteristics

Imports

libkf5archive

qt5core

qt5gui

kernel32

msvcrt

libstdc++-6

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 2KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 128B

.pdata Size: 1024B - Virtual size: 684B

.xdata Size: 512B - Virtual size: 496B

.bss Size: - Virtual size: 288B

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 188B

/16 Size: 512B - Virtual size: 24B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ac:c9:04:ed:a5:be:ce:83:b1:23:95:7e:bf:08:6d:a1:24:1b:c9:5f:78:20:0c:ef:ae:00:fe:dd:b8:81:0d:f3
Signer

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 2KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 128B

.pdata
Size: 1024B - Virtual size: 684B

.xdata
Size: 512B - Virtual size: 496B

.bss
Size: - Virtual size: 288B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 188B

/16
Size: 512B - Virtual size: 24B