NEAS[.]1368e5aad69d3f512e2c495da3db92a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1368e5aad69d3f512e2c495da3db92a0.exe
Size

117KB
MD5

1368e5aad69d3f512e2c495da3db92a0
SHA1

674aa7b394c8bd975b9f004ba89253fc96f06bd7
SHA256

3db36970b28cb9ca06db77d37064343ff310848919fb2478d547fd70e4f65567
SHA512

5df5f4b602d6dba83472f8dc47862fee59b2d7e9caed078f80cf3a7b9d72844e7be2e164b94912d76d04c95ff34f86d02ccd581b414209c273b627049f608d1c
SSDEEP

1536:R91hXzJK6a+E+dzvNzf+Kf0zKKNZlraj8nWM/3By+KLC1yyi:zzJK6a2vNzf+I8HOm/3U+KLC1K

Score

1^/10

Malware Config

Signatures

Files

NEAS.1368e5aad69d3f512e2c495da3db92a0.exe
.exe windows:5 windows x86

a10f8c1630db675641b1b223d2d1caed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:d5:4f:25:c5:5b:14:47:98:fe:dd:d0:61:c2:1c:a8:55:56:8f:62
Signer

Actual PE Digest

cc:d5:4f:25:c5:5b:14:47:98:fe:dd:d0:61:c2:1c:a8:55:56:8f:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathGetArgsW

kernel32

GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
CloseHandle
lstrlenW
GetModuleFileNameW
CreateProcessW
lstrlenA
GetCommandLineW
LocalFree
LocalAlloc
GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
ReleaseSemaphore
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
GetProcessId
VirtualQueryEx
CreateFileW
GetCurrentProcess
InterlockedDecrement
DeleteCriticalSection
RtlCaptureContext
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
InterlockedIncrement
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
GetTempPathW
IsDebuggerPresent
SetFilePointer
GetTickCount
SetLastError
Sleep
GetModuleHandleW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
GetStartupInfoW
ExitProcess
HeapFree
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
RtlUnwind
GetCPInfo
LCMapStringW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount

advapi32

OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a10f8c1630db675641b1b223d2d1caed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

cc:d5:4f:25:c5:5b:14:47:98:fe:dd:d0:61:c2:1c:a8:55:56:8f:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

ole32

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

cc:d5:4f:25:c5:5b:14:47:98:fe:dd:d0:61:c2:1c:a8:55:56:8f:62
Signer

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB