NEAS[.]d4437fba226da44f691a4878cc6a1700[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d4437fba226da44f691a4878cc6a1700.exe
Size

307KB
MD5

d4437fba226da44f691a4878cc6a1700
SHA1

44c5c92409f52d4825d44df77af5136a9c3a1149
SHA256

5cf6da8b56d79c3face2f2b87da9f2f2b9f9ffd5ab365c967602b51d8dab3e72
SHA512

b5dcd5254da712b98c359bfdb921dcf861b8b99303bd40581ac25817c4965b95f395afb6662dd4fb398dd10234fc5d9a6271a043bf9e0bc0d3a9a755771931bc
SSDEEP

3072:KBIIzDXJ47IYZRThTX8e7Fkc1ojYu7ySW3zGpQQsnQ4Aj2scBF+5q5SWGEHm+5zA:MzTJ47dZRTr7C1M3LSpO7mAJNE

Score

1^/10

Malware Config

Signatures

Files

NEAS.d4437fba226da44f691a4878cc6a1700.exe
.exe windows:6 windows x64

ec75dde276471ee504326b3f124d0009

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:ac:e8:bf:00:01:00:00:8f:1d
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

20/07/2012, 21:06

Not After

15/05/2015, 19:35

Subject

CN=Intel Corporation - pGFX,OU=Intel Architecture Group,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:fc:2f:19:1a:eb:04:8d:d5:ee:22:2c:8d:ae:a1:dc:01:0a:77:ba
Signer

Actual PE Digest

cb:fc:2f:19:1a:eb:04:8d:d5:ee:22:2c:8d:ae:a1:dc:01:0a:77:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEndOfFile
SetFilePointer
CreateFileW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
InitializeCriticalSectionEx
WTSGetActiveConsoleSessionId
GetSystemDirectoryW
CreateProcessW
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentThread
CreateThread
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
CloseHandle
DecodePointer
GetCommandLineW
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
SetLastError
WriteConsoleW
GetLastError
IsValidLocale
GetLocaleInfoW
LCMapStringW
OutputDebugStringW
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
WideCharToMultiByte
HeapReAlloc
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetProcessHeap
LocalFree
HeapFree
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
GetCPInfo
DeleteFileW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile

user32

LoadStringW
DispatchMessageW
PostThreadMessageW
CharUpperW
CharNextW
MessageBoxW
TranslateMessage
GetMessageW

advapi32

RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
CreateProcessAsUserW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
StartServiceW

ole32

CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemRealloc
PropVariantClear

oleaut32

LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
RegisterTypeLi
SysAllocStringByteLen
VarBstrCat
SysAllocStringLen
UnRegisterTypeLi

shlwapi

PathFileExistsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec75dde276471ee504326b3f124d0009

Code Sign

05:b0:ffCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0b:dc:8f:00:00:00:00:00:1aCertificate

Key Usages

1f:ac:e8:bf:00:01:00:00:8f:1dCertificate

Extended Key Usages

Key Usages

61:1e:80:b7:00:00:00:00:00:07Certificate

Key Usages

cb:fc:2f:19:1a:eb:04:8d:d5:ee:22:2c:8d:ae:a1:dc:01:0a:77:baSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

setupapi

userenv

wtsapi32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 38KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 5KB

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

1f:ac:e8:bf:00:01:00:00:8f:1d
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

cb:fc:2f:19:1a:eb:04:8d:d5:ee:22:2c:8d:ae:a1:dc:01:0a:77:ba
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 38KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 5KB