NEAS[.]5b10272ad2e73b229c14bc2209798870[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5b10272ad2e73b229c14bc2209798870.exe
Size

206KB
MD5

5b10272ad2e73b229c14bc2209798870
SHA1

398093ed10815b1d7ec7f1bf9ba3c2dcda5c8ce9
SHA256

f4d6401d0e4b0e85697d0934a74277cc43482f8ee42d99acb629c3cc9e95bc75
SHA512

23fd50136a67ff0e87f9950a28f2148f24cc517fecd57eade77b052ef9de76e3e872e70ab36fad909aabfa3e1ef5380bac6b4c577ad8e713a57711363326a860
SSDEEP

3072:8nY9tqi07/+8qZip+YRADRddUpBYzkcGSaUyRt6umF4T/L+htRTA5M9Qfcl:8Y9P07/O2+UGd0HPRhT/L+hU5wkcl

Score

1^/10

Malware Config

Signatures

Files

NEAS.5b10272ad2e73b229c14bc2209798870.exe
.exe windows:4 windows x86

9d53547e2efa39438a541baca1510d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21
Signer

Actual PE Digest

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
SearchPathW
GetWindowsDirectoryA
CopyFileA
lstrcmpiA
CompareStringA
GetLocaleInfoW
GetSystemTime
GetVolumeInformationW
GetFileAttributesA
OpenMutexW
CreateEventW
GetThreadPriority
lstrcpyn
IsBadStringPtrW
GetAtomNameW
ExitThread
GetExpandedNameA
GetCalendarInfoW
SetThreadPriority
CreateDirectoryW
OpenFile
GetFullPathNameA
IsBadWritePtr
GetNumberFormatW
GetProcessHeap
CreateEventA
SetPriorityClass
GetProcAddress
LocalFree
FreeResource
GetModuleHandleA
EndUpdateResourceW
lstrlenW

user32

IsChild
SetFocus
SetDlgItemTextA
GetMenuItemRect
CopyIcon
DefFrameProcW
CopyRect
AnimateWindow
EndMenu
EnumChildWindows
CreateDesktopA
CharNextA
wsprintfW
GetDlgItemTextW
GetAsyncKeyState
SetForegroundWindow
PostMessageA
EnumWindows
CreateDialogIndirectParamW
GetCapture
CharPrevW
GetMenuStringA
FrameRect
RegisterWindowMessageW
FindWindowW
LoadIconW
CloseWindow
wvsprintfA
CreateAcceleratorTableW
MessageBoxIndirectW
RegisterClassExA
SetCapture
IsMenu
LoadCursorW
CallWindowProcA
SetWindowLongW
GetMenuItemInfoW
TrackPopupMenuEx
DefDlgProcW
SetTimer
CharUpperW
GetCursorPos
GetMenuStringW
GetDCEx
MessageBoxW
GetSysColorBrush
SetCursorPos
CheckRadioButton
CreateWindowExW

gdi32

SetMetaRgn
RealizePalette
CreateFontIndirectExW
GetWorldTransform
CreatePalette
OffsetViewportOrgEx
SetMapperFlags
AnimatePalette
OffsetRgn
SetPixel
EndFormPage

advapi32

RegFlushKey
RegCreateKeyExW
RegQueryValueW
RegCreateKeyExA
RegOpenKeyW

shell32

ShellExecuteW
ShellExecuteA
ExtractIconW
StrNCmpA
ExtractIconExA
ExtractAssociatedIconExW
SHGetDiskFreeSpaceExA
StrChrW

shlwapi

UrlCombineA

setupapi

SetupGetStringFieldA
SetupDiGetSelectedDevice
CM_Open_DevNode_Key_Ex
CM_Find_Range
SetupDiGetHwProfileFriendlyNameExA
SetupVerifyInfFileA
pSetupIsUserAdmin
SetupDiDrawMiniIcon
pSetupAddMiniIconToList
SetupUninstallOEMInfA
CM_Get_Log_Conf_Priority

wininet

FindNextUrlCacheContainerA
CreateMD5SSOHash
FtpDeleteFileA
InternetGetConnectedStateEx
InternetWriteFile
InternetGetCookieExW
CommitUrlCacheEntryA
UrlZonesDetach
SetUrlCacheEntryInfoA
InternetEnumPerSiteCookieDecisionW
HttpSendRequestExW
UnlockUrlCacheEntryFileW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Omw
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vcmkEH
Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FtWC
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Pqc
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lj
Size: 2KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d53547e2efa39438a541baca1510d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

setupapi

wininet

Sections

.text Size: 12KB - Virtual size: 12KB

.Omw Size: 1KB - Virtual size: 33KB

.A Size: 1KB - Virtual size: 38KB

.vcmkEH Size: 4KB - Virtual size: 46KB

.FtWC Size: 2KB - Virtual size: 45KB

.Pqc Size: 2KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 7KB

.Lj Size: 2KB - Virtual size: 182KB

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 1024B - Virtual size: 940B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21
Signer

.text
Size: 12KB - Virtual size: 12KB

.Omw
Size: 1KB - Virtual size: 33KB

.A
Size: 1KB - Virtual size: 38KB

.vcmkEH
Size: 4KB - Virtual size: 46KB

.FtWC
Size: 2KB - Virtual size: 45KB

.Pqc
Size: 2KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 7KB

.Lj
Size: 2KB - Virtual size: 182KB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 1024B - Virtual size: 940B