NEAS[.]b4034f661e3a82ac42dc081be81bc9a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.b4034f661e3a82ac42dc081be81bc9a0.exe
Size

1.5MB
MD5

b4034f661e3a82ac42dc081be81bc9a0
SHA1

a9b8fa81a91712cbef2c3195144d9fdab584af26
SHA256

844d070d3fc67489e116fb2f5d734b9fc65191b307df1e3cad4f9daf266fe964
SHA512

86194f2de2098dde585cecfa2b17721e6d3b53ab3103803a2778740f8fea18a67bfc47e4cdec6ada5006cdd58057f0ef5216d1f6f2dc1e24ae3e95f1dbaeec99
SSDEEP

6144:3TI0lw6KGSGjNFOyNp+7Gnbiyi9s+fNyDfUik0072IZdwn82p:3c06INIyNKGx4ADMV0Dn82p

Score

1^/10

Malware Config

Signatures

Files

NEAS.b4034f661e3a82ac42dc081be81bc9a0.exe
.exe windows:5 windows x86

7deacf699e2ce9651fa2a9ba23cdef9a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:02:d5:6a:2f:11:cb:a3:87:e9:fd:a9:24:96:02:a1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/12/2021, 00:00

Not After

08/03/2024, 23:59

Subject

SERIALNUMBER=110111-1929839,CN=Gravity Co.\, Ltd.,O=Gravity Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.2=#130553656f756c,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:c9:bc:8d:56:88:fa:7a:f3:0f:8c:72:d9:d9:5b:27:62:8d:cc:eb:7d:d4:50:02:7d:59:af:7b:be:eb:6e:56
Signer

Actual PE Digest

96:c9:bc:8d:56:88:fa:7a:f3:0f:8c:72:d9:d9:5b:27:62:8d:cc:eb:7d:d4:50:02:7d:59:af:7b:be:eb:6e:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

mfc110

ord10175
ord2430
ord12318
ord12317
ord14329
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5617
ord10047
ord1133
ord2826
ord14340
ord11745
ord499
ord7445
ord9032
ord2994
ord9060
ord2538
ord11998
ord1400
ord10292
ord4041
ord3177
ord918
ord7203
ord13228
ord8629
ord5277
ord4805
ord2327
ord1422
ord13641
ord3299
ord3185
ord6664
ord8936
ord1061
ord3806
ord2933
ord8556
ord4154
ord3087
ord6341
ord5212
ord1449
ord1973
ord977
ord7444
ord10793
ord1873
ord14419
ord11717
ord11716
ord11718
ord11715
ord10961
ord10364
ord11118
ord8850
ord10814
ord11026
ord8785
ord908
ord7202
ord2245
ord2159
ord8934
ord1057
ord4151
ord3085
ord6334
ord10831
ord11912
ord6064
ord13498
ord2704
ord9017
ord11953
ord11180
ord10266
ord4025
ord3340
ord3341
ord3104
ord5975
ord6066
ord13502
ord3243
ord3240
ord10052
ord8018
ord2705
ord10082
ord10084
ord10083
ord10081
ord10085
ord5507
ord11509
ord11510
ord8947
ord11870
ord3772
ord11719
ord14322
ord8773
ord12001
ord6809
ord10795
ord9063
ord3204
ord13619
ord12040
ord8130
ord4519
ord12638
ord12701
ord10228
ord12028
ord8191
ord1459
ord7470
ord8566
ord8273
ord12038
ord1702
ord1711
ord1719
ord1715
ord1724
ord4842
ord4879
ord4850
ord4862
ord4858
ord4854
ord1397
ord4885
ord4875
ord4846
ord4889
ord4867
ord4831
ord4837
ord4870
ord4432
ord5643
ord9495
ord4424
ord2995
ord14330
ord7735
ord14328
ord6710
ord11501
ord13449
ord5782
ord2626
ord11905
ord3874
ord3308
ord3309
ord3203
ord11949
ord994
ord5107
ord5404
ord5614
ord9155
ord5380
ord5110
ord5266
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord9016
ord3631
ord1380
ord884
ord1099
ord13054
ord3798
ord449
ord2464
ord6330
ord6333
ord3816
ord2466
ord6410
ord4746
ord1038
ord316
ord1652
ord1498
ord266
ord265
ord1500
ord2189
ord2353

msvcr110

_setmbcp
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1bad_cast@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_unlock_file
_lock_file
_fseeki64
fsetpos
fputc
fgetpos
fgetc
memcpy_s
strcoll
strpbrk
memchr
tolower
toupper
ispunct
isxdigit
islower
isupper
tmpnam
rename
remove
_mktime32
_time32
strftime
_localtime32
_gmtime32
_difftime32
clock
system
setlocale
strncpy
strncat
strcspn
strtod
sprintf
strrchr
getenv
_HUGE
_libm_sse2_tan_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_atan_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_CIsinh
_CIfmod
_CIcosh
_CIatan2
modf
ldexp
frexp
ceil
srand
rand
localeconv
iscntrl
isalnum
isdigit
isalpha
tmpfile
setvbuf
_popen
_pclose
fwrite
ftell
fseek
fscanf
fflush
clearerr
_setjmp3
exit
longjmp
fgets
floor
_libm_sse2_pow_precise
strtoul
fputs
isspace
strstr
strerror
strchr
realloc
free
ungetc
getc
freopen
fread
qsort
memcpy
memset
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
memmove
vsprintf
_CxxThrowException
__CxxFrameHandler3
_purecall
_snprintf_s
_errno
__iob_func
fclose
feof
ferror
fopen
fprintf

kernel32

FormatMessageA
LoadLibraryA
EncodePointer
DecodePointer
FindClose
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeLibrary
GetLastError
GetVersionExA
IsProcessorFeaturePresent
FindFirstFileA
CreateDirectoryA
lstrcpynA
IsDebuggerPresent

user32

GetWindowRect
LoadBitmapW
EnableWindow
SendMessageA
ScreenToClient

gdi32

SelectObject
CreateSolidBrush
CreateCompatibleDC
BitBlt
GetObjectA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

msvcp110

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBEPAXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7deacf699e2ce9651fa2a9ba23cdef9a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:02:d5:6a:2f:11:cb:a3:87:e9:fd:a9:24:96:02:a1Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

96:c9:bc:8d:56:88:fa:7a:f3:0f:8c:72:d9:d9:5b:27:62:8d:cc:eb:7d:d4:50:02:7d:59:af:7b:be:eb:6e:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

mfc110

msvcr110

kernel32

user32

gdi32

advapi32

msvcp110

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 1KB - Virtual size: 27KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:02:d5:6a:2f:11:cb:a3:87:e9:fd:a9:24:96:02:a1
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

96:c9:bc:8d:56:88:fa:7a:f3:0f:8c:72:d9:d9:5b:27:62:8d:cc:eb:7d:d4:50:02:7d:59:af:7b:be:eb:6e:56
Signer

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 1KB - Virtual size: 27KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB