NEAS[.]30863182c347b56ddc2c9b4e3464d6d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.30863182c347b56ddc2c9b4e3464d6d0.exe
Size

384KB
MD5

30863182c347b56ddc2c9b4e3464d6d0
SHA1

487cc2e8b4e038425c06644dbfeaef0ffd2a6d25
SHA256

18a39f7f6325ee0069e7f8cfd0536316bd86a3a3431ec14249cd2388bf89028f
SHA512

793528aa55c46a5deb6c6b9efed7770a5c83c6f7a95cb82a37a76dfd8c47d7158d2e112418b8b60e969c71833fae740877673b785990c1656f6818897230ed5c
SSDEEP

6144:c2P2+ECjHOhMgrFGGjASCcHCLjACsXS7TXOBkbE4C:c62PC6hMD+APcHCPACsXS7TXOBkbk

Score

1^/10

Malware Config

Signatures

Files

NEAS.30863182c347b56ddc2c9b4e3464d6d0.exe
.exe windows:5 windows x64

5b55f0c094b501270b5b75a2188c9950

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:c0:8f:e5:c2:54:55:dc:3f:8a:c7:26:df:b9:7c:96
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/10/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Symantec Corporation,OU=IMG - NetBackup,O=Symantec Corporation,L=Roseville,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:37:b3:1f:c8:86:a8:8b:a8:6f:15:21:fa:dc:cf:b0:bc:e1:fe:95
Signer

Actual PE Digest

81:37:b3:1f:c8:86:a8:8b:a8:6f:15:21:fa:dc:cf:b0:bc:e1:fe:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libnbbase

logmsg
vnet_set_netbackup_daemon
V_gmtime
vnet_same_host
vnet_is_master_server
vnet_is_emm_server
log_set_process_bpconf_verbose
retrieveLocalServerPatchVersion
nb_getpeername
vnet_sockAddrNtoP
ManageLockFileNT
extra_tries_on_connect
vnet_connect_to_service
vnet_check_vxss_client_magic
media_name_str
ROBOTStatusErr
vnet_getifaddrs
vnet_freeaddrinfo
FormatErrorMessageStr
vnet_get_host_version_ipi
overide_connect_timeout
vnet_is_local_host
vnet_is_ip_string
vnet_sockAddrPtoN
vnet_cached_getnameinfo
ovgetlocaleEx
V_Openlog
V_basename
StartSrv
IsAdmin
open_logging_file
vnet_cached_gethostent
vnet_free_vnet_hostent
VssInit
V_strlcpy
vnet_normalize_security_info
V_localtime
daemon_startup_listeners
daemon_select_and_accept
daemon_shutdown_listeners
vnet_vxss_cleanup
vnet_check_vxss_server_magic
vnet_check_vxss_server_list
put_short
V_tempnam
get_dir_list
ovgetmsg
NbLog_Extract_Date_From_Filename
getECmsg
logmsgf
free_dir_list
vnet_closesocket
winsock_start
rob_str
GetErrorMessage
newNTCmdLine
FreeNTCmdLine
getAxxionString
read_AD_HOC_config_entry
V_Syslog
V_Closelog
winsock_stop
NB_exit
pool_full_str
nbconf_set_info
nbconf_get_info
nbconf_free_info
get_adaptable_string
V_strlncpy
V_strlcat
put_string
get_string
sysErrorString
V_sscanf
hosts_equal
V_snprintf

emmlib

emmlib_AddMachineConfig
emmlib_UpdateMachineConfig
emmlib_ListServers
emmlib_QueryVersion
emmlib_AddNewHost
emmlib_UpdateHostEx
emmlib_UpdateHost
emmlib_GetMachineAliasList
emmlib_AddMachineAlias
emmlib_GetApplicationClusterList
emmlib_UpdateActiveApplicationClusters
emmlib_QueryMachineConfig
emmlib_SetDriveStatus
emmlib_RequestDriveAllocation
emmlib_DeAllocateDrive
emmlib_GetHost
emmlib_GetHostAndSharedDriveLists
emmlib_UpdateMachineState
emmlib_ReleaseRobDriveList
emmlib_GetDriveScanList
MapEmmMedia
emmlib_DeviceConfigByGlobDb
emmlib_DeleteGlobDbRecord
emmlib_GetDeviceList
emmlib_DeviceUpdateByGlobDb
emmlib_GetGlobDbFromEMM
emmlib_AddMediaPool
emmlib_QueryScratchByPool2
emmlib_AssignById
emmlib_AddNewPlatter
emmlib_AddNewVolume
emmlib_GetVolgrpList
emmlib_DeleteVolgroup
emmlib_DeleteMedia
emmlib_ChangeVolgrpRes
emmlib_MediaChangeResidence
emmlib_IsInitialized
emmlib_setConnectTimeout
emmlib_initialize
emmlib_setRequestTimeout
emmlib_ChangeVolumeRobotNumber
emmlib_MediaQueryOne
emmlib_ChangeRsmGuid
emmlib_MediaUpdateOne
emmlib_UpdateMountStat
emmlib_MediaQueryExecuteEx
emmlib_MediaQueryFetchEx
emmlib_ReleaseResultSet
emmlib_uninitialize
emmlib_ListBarcodeRule
emmlib_DeleteBarcodeRule
emmlib_UpdateBarcodeRule
emmlib_AddBarcodeRule
emmlib_ListMediaPool
emmlib_GetMediaPool
emmlib_DeleteMediaPool
emmlib_UpdateMediaPool
emmlib_SetMediaPoolAttr

libvbp

valid_media_in_robot
valid_vendor_media_in_robot
get_robot_data
get_expiration
MultiHostedIsAllowed
NDMPIsAllowed
RemoteClientIsAllowed
valid_mtype_in_robot
RemoteHostIsAllowed

libvnbaz

VssAzInit
VssAzAuthorize
VssAzSetNBUServer

libnbccl

IsActive

kernel32

Sleep
WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
CreatePipe
ReadFile
GetExitCodeProcess
CreateFileA
CreateEventA
GetVersionExA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
OpenSemaphoreA
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
GetCurrentProcess
DuplicateHandle
GetLastError
CreateProcessA
CloseHandle
SetEvent

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegConnectRegistryA

ws2_32

setsockopt
gethostname
getsockname
WSAGetLastError

msvcr100

fseek
fgetpos
fsetpos
fgetc
fputs
putc
rewind
strrchr
_stat64i32
strtol
mbstowcs
iswctype
remove
fgets
isspace
islower
realloc
_stricmp
atol
fopen
fclose
__iob_func
fprintf
calloc
_access
toupper
memcpy
strncmp
strcspn
memset
isdigit
_strnicmp
strspn
strftime
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
free
__crt_debugger_hook
?terminate@@YAXXZ
_time64
_strdup
_mkdir
_unlink
_getpid
_close
_umask
_read
_open
_fdopen
strerror
_errno
malloc
isalnum
atoi
strchr

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b55f0c094b501270b5b75a2188c9950

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:c0:8f:e5:c2:54:55:dc:3f:8a:c7:26:df:b9:7c:96Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

81:37:b3:1f:c8:86:a8:8b:a8:6f:15:21:fa:dc:cf:b0:bc:e1:fe:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

libnbbase

emmlib

libvbp

libvnbaz

libnbccl

kernel32

advapi32

ws2_32

msvcr100

Sections

.text Size: 246KB - Virtual size: 246KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 17KB - Virtual size: 52KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:c0:8f:e5:c2:54:55:dc:3f:8a:c7:26:df:b9:7c:96
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

81:37:b3:1f:c8:86:a8:8b:a8:6f:15:21:fa:dc:cf:b0:bc:e1:fe:95
Signer

.text
Size: 246KB - Virtual size: 246KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 17KB - Virtual size: 52KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB