NEAS[.]f9a6deac2776a85f23b55e044cd4bc10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f9a6deac2776a85f23b55e044cd4bc10.exe
Size

364KB
MD5

f9a6deac2776a85f23b55e044cd4bc10
SHA1

53b0af19daf5fa99f161f04e29f5b2f9b960e3a4
SHA256

bf98ee87e50a6682e5fb1a7f43a2f2ed312c3de7b1ea112808777e519706c32a
SHA512

3615cfc36856e86f7452a49e2bf48a7fd4875cdcc2cc88bfda5b15052faa3a79c705bd7d7c77d5c28dc9a646def724bfbac48f4eb401b10b3e1d0a93b860f8c6
SSDEEP

6144:PdqdN1KuCKADnHT8K7CPIRp7OJRiUXSuAgYTt3hrZlC19qFKkjW3:PdnuqHT8K+A/OJRiUfwh7FU3

Score

1^/10

Malware Config

Signatures

Files

NEAS.f9a6deac2776a85f23b55e044cd4bc10.exe
.exe windows:5 windows x64

19f269125838ff5b2d8d6328b0effd49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/12/2006, 00:00

Not After

10/01/2010, 23:59

Subject

CN=Dell Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:61:d7:b2:d7:ec:98:79:7b:95:2b:78:bc:7b:88:5e:f2:ba:fd:72
Signer

Actual PE Digest

45:61:d7:b2:d7:ec:98:79:7b:95:2b:78:bc:7b:88:5e:f2:ba:fd:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

StringFromCLSID
CoRegisterClassObject
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CoSetProxyBlanket

wtsapi32

WTSQueryUserToken

powrprof

SetSuspendState

kernel32

WritePrivateProfileStringW
GlobalFlags
WriteFile
SetFilePointer
FlushFileBuffers
GetShortPathNameW
lstrlenA
SetErrorMode
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapAlloc
ExitProcess
HeapReAlloc
HeapQueryInformation
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalGetAtomNameW
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
WideCharToMultiByte
lstrcmpW
GetModuleHandleW
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
GetCurrentThreadId
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
WTSGetActiveConsoleSessionId
CreateThread
CreateEventW
Sleep
SetEvent
WaitForSingleObject
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
FormatMessageW
LocalFree
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStartupInfoW

user32

InflateRect
GetMenuItemInfoW
SystemParametersInfoW
UnregisterClassW
DestroyIcon
LoadCursorW
GetSysColorBrush
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetWindowTextW
RegisterWindowMessageW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
DefWindowProcW
CallWindowProcW
PtInRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetClassNameW
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetWindowPos
SetFocus
IsWindowEnabled
EqualRect
GetDlgItem
GetDlgCtrlID
LoadIconW
GetCapture
LoadAcceleratorsW
SetActiveWindow
InvalidateRect
UpdateWindow
InsertMenuItemW
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
PostMessageW
SendMessageW
GetWindowRect
GetClientRect
SetRectEmpty
CopyRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindow
IsWindow
EnableWindow
TranslateAcceleratorW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MessageBoxW
GetWindowLongW
SetWindowLongW
GetForegroundWindow
GetWindowThreadProcessId
IsIconic
GetDesktopWindow
SetForegroundWindow
GetParent
ReleaseDC
GetDC
ReleaseCapture

gdi32

CreateSolidBrush
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePatternBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegDeleteValueW

shell32

ExtractIconW
DragQueryFileW
DragFinish

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SafeArrayPutElement
SafeArrayCreateVector
VariantCopy
SysStringByteLen
VariantChangeType

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f269125838ff5b2d8d6328b0effd49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65Certificate

Extended Key Usages

Key Usages

45:61:d7:b2:d7:ec:98:79:7b:95:2b:78:bc:7b:88:5e:f2:ba:fd:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ole32

wtsapi32

powrprof

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

userenv

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 36KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 22KB - Virtual size: 22KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65
Certificate

45:61:d7:b2:d7:ec:98:79:7b:95:2b:78:bc:7b:88:5e:f2:ba:fd:72
Signer

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 36KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 22KB - Virtual size: 22KB