NEAS[.]dc2d6ff167a6f62d3297c3c3fbf02b10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.dc2d6ff167a6f62d3297c3c3fbf02b10.exe
Size

72KB
MD5

dc2d6ff167a6f62d3297c3c3fbf02b10
SHA1

18f291bd8b3149c3eb8e32521668aa58ab8cbef6
SHA256

78d24020acb676bb0dd811365b5fb37c14ae892e0f0bca11fabac0f344409ff2
SHA512

dea57e62a83c24a6964cf40376d2fcaa6e46358b419199335601290eb8b82f5bbe80d75b09dc6ce1422d1f0b1ee85d5da927d1695e1c3035f22b9a733a1d3f20
SSDEEP

1536:XuXn4zLeATJvmzoHOK1VdHXEnkOFkLSGW4t+l27BIH/U:XUmLeUmz6HiggiBIH/U

Score

1^/10

Malware Config

Signatures

Files

NEAS.dc2d6ff167a6f62d3297c3c3fbf02b10.exe
.dll windows:6 windows

8c4535715e8b27abbc1e4e23f49f5b2a

Code Sign

33:00:00:00:74:f0:1e:99:d0:2a:28:6a:ca:00:00:00:00:00:74
Certificate

Issuer

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 21:15

Not After

28/01/2017, 21:15

Subject

CN=Windows Phone,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/07/2012, 22:23

Not After

24/07/2027, 22:33

Subject

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:6a:7a:23:2c:84:0c:d3:52:06:83:74:7f:af:d3:78:b6:6f:1e:5a:4b:82:48:56:f1:88:2d:f5:05:b4:10:b3
Signer

Actual PE Digest

8f:6a:7a:23:2c:84:0c:d3:52:06:83:74:7f:af:d3:78:b6:6f:1e:5a:4b:82:48:56:f1:88:2d:f5:05:b4:10:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__C_specific_handler
__std_type_info_destroy_list
memset
memcpy
_purecall

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vswscanf

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstoul

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcslen
wcsncat_s
wcscmp
wcsncpy_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm
_cexit
_initterm_e
_crt_atexit
_execute_onexit_table
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_seh_filter_dll

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte

api-ms-win-core-file-l1-2-0

FindFirstFileW
FindClose
FindNextFileW
WriteFile

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessId
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
IsProcessorFeaturePresent
SwitchToThread
ExitProcess
GetCurrentThreadId
CreateThread

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-1

InitializeCriticalSectionAndSpinCount
Sleep
ResetEvent
TryEnterCriticalSection
CreateEventW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObjectEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetTickCount
GetSystemTimeAdjustment
GetNativeSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-1

GetEnvironmentVariableW
GetStdHandle

api-ms-win-core-libraryloader-l1-1-1

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FindResourceExW
LoadResource

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-interlocked-l1-1-1

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

GetConsoleWindow

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-obsolete-localization-l1-1-0

GetUserDefaultUILanguage

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c4535715e8b27abbc1e4e23f49f5b2a

Code Sign

33:00:00:00:74:f0:1e:99:d0:2a:28:6a:ca:00:00:00:00:00:74Certificate

Extended Key Usages

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0bCertificate

Key Usages

8f:6a:7a:23:2c:84:0c:d3:52:06:83:74:7f:af:d3:78:b6:6f:1e:5a:4b:82:48:56:f1:88:2d:f5:05:b4:10:b3Signer

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-console-l2-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processenvironment-l1-1-1

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-obsolete-localization-l1-1-0

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 736B

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:00:74:f0:1e:99:d0:2a:28:6a:ca:00:00:00:00:00:74
Certificate

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

8f:6a:7a:23:2c:84:0c:d3:52:06:83:74:7f:af:d3:78:b6:6f:1e:5a:4b:82:48:56:f1:88:2d:f5:05:b4:10:b3
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 736B

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB