NEAS[.]1abe6eef71e6acf5a5066e3599dbad80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1abe6eef71e6acf5a5066e3599dbad80.exe
Size

1.5MB
MD5

1abe6eef71e6acf5a5066e3599dbad80
SHA1

6594c1186bd6ba22b9e959e67bc19e92dd75d498
SHA256

a97bdf89a7eba56c9338d847edc9155edaef399f204b60f396c03ec2f37a65cc
SHA512

99a366cce48df18a1488b9b6d95d575793c2b9a3b499558ff2b2b8dd32f4e20d6c3bc7a7454b2a6cd5db9b3fdae16b3f051e9439800e5a2db816b40de7390594
SSDEEP

24576:WyAOYcK2R6185jZ2qVsOZeUr5Nqrv2IgmYQ20+bTB1uWiinMMMMMMGf93rEH7z:dAVc0lqOOUTd2b/BXMMMMMMGF2

Score

1^/10

Malware Config

Signatures

Files

NEAS.1abe6eef71e6acf5a5066e3599dbad80.exe
.exe windows:5 windows x86

7de44a4a93c92ec9c546f8cfb385ee32

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/06/2015, 00:00

Not After

31/05/2017, 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:1d:7e:13:a4:06:d0:9a:db:d8:1b:1d:87:40:d0:fd:14:de:ab:e0
Signer

Actual PE Digest

9c:1d:7e:13:a4:06:d0:9a:db:d8:1b:1d:87:40:d0:fd:14:de:ab:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ord8
CreateStatusWindowW
ImageList_Destroy
ImageList_Create
ImageList_Remove
ImageList_AddMasked
ImageList_Add
PropertySheetW

shlwapi

StrCmpLogicalW
SHAutoComplete

uxtheme

IsAppThemed
IsThemeActive

kernel32

SetThreadExecutionState
SetThreadPriority
GetCurrentThread
SetPriorityClass
SetCurrentDirectoryW
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
GetDateFormatW
GetTimeFormatW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetVersionExA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
ReleaseMutex
CreateMutexW
GetDiskFreeSpaceW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetTickCount
GetModuleHandleExW
GetCompressedFileSizeW
UpdateResourceW
EnumResourceLanguagesW
EndUpdateResourceW
EnumResourceNamesW
BeginUpdateResourceW
CompareStringA
GetNumberFormatW
GetLogicalDrives
ResumeThread
SuspendThread
GetCurrentThreadId
GetLocalTime
CopyFileW
GetThreadPriority
GetPriorityClass
SetErrorMode
MulDiv
CompareFileTime
FindNextChangeNotification
WaitForMultipleObjects
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
HeapSize
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
IsDebuggerPresent
TerminateProcess
VirtualAlloc
VirtualFree
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
RaiseException
ExitThread
RtlUnwind
HeapReAlloc
GetCurrentProcessId
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
FoldStringW
GetCurrentDirectoryW
GetVersionExW
FindNextFileW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileType
GetFileTime
FlushFileBuffers
GetStdHandle
GetLongPathNameW
GetShortPathNameW
MoveFileW
FindFirstFileW
FindClose
DeviceIoControl
BackupSeek
BackupRead
FormatMessageW
LocalFree
GetCommandLineW
GetFileInformationByHandle
CreateHardLinkW
GetModuleHandleW
GetCurrentProcess
SetLastError
GetModuleFileNameW
HeapCreate
HeapDestroy
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
HeapAlloc
Sleep
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
SetEndOfFile
WriteFile
ReadFile
GetProcAddress
SetFileTime
GetFileAttributesW
CloseHandle
SetFilePointer
GetFileSize
GetLastError
CreateFileW
LoadLibraryW
FreeLibrary
GetProcessHeap
SetEnvironmentVariableA
GetLocaleInfoW

user32

PostQuitMessage
SetMenu
InsertMenuW
LoadMenuW
RegisterClassW
LoadAcceleratorsW
GetMenuState
CreateIcon
SetForegroundWindow
FlashWindow
RegisterClassExW
CopyRect
ValidateRect
GetSysColor
CopyImage
FillRect
DrawIconEx
GetSystemMenu
SetTimer
KillTimer
SystemParametersInfoW
MessageBoxIndirectW
RedrawWindow
GetComboBoxInfo
IsCharUpperW
IsCharAlphaW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBeep
PeekMessageW
GetFocus
EnableMenuItem
MoveWindow
CheckMenuItem
GetClipboardData
InsertMenuItemW
LoadImageW
UpdateWindow
FindWindowW
EndPaint
AppendMenuW
DrawMenuBar
GetMenu
GetSubMenu
DeleteMenu
GetMenuItemCount
ScreenToClient
ClientToScreen
CreatePopupMenu
TrackPopupMenu
DestroyMenu
CallWindowProcW
WaitForInputIdle
IsWindow
RegisterClipboardFormatW
GetKeyState
LoadCursorW
SetCursor
WindowFromPoint
GetWindowThreadProcessId
GetDC
ReleaseDC
GetDesktopWindow
GetCursorPos
EnableWindow
IntersectRect
SystemParametersInfoA
IsIconic
IsWindowEnabled
SetDlgItemInt
GetDlgItemInt
GetMenuItemID
GetLastActivePopup
IsChild
PostThreadMessageW
CreateDialogParamW
SetScrollPos
ScrollWindowEx
PtInRect
SetScrollRange
LoadIconW
CreateDialogIndirectParamW
GetPropW
RemovePropW
BringWindowToTop
GetMessageW
TranslateMessage
DispatchMessageW
GetIconInfo
CreateIconIndirect
TranslateAcceleratorW
IsDialogMessageW
LoadBitmapW
SetPropW
wsprintfW
OemToCharW
OemToCharA
CharToOemBuffA
OemToCharBuffA
CharToOemA
MessageBoxW
CharToOemBuffW
GetForegroundWindow
RegisterWindowMessageW
FindWindowExW
BeginPaint
EnumWindows
IsDlgButtonChecked
ShowWindow
EnumChildWindows
PostMessageW
InvalidateRect
CheckDlgButton
DialogBoxParamW
DestroyIcon
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
GetParent
MapWindowPoints
GetDlgItem
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
DestroyWindow
CreateWindowExW
DefWindowProcW
SetFocus
CharUpperW
CharLowerW
ExitWindowsEx
CharLowerA
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetClassNameW
SendMessageW
GetMenuItemInfoW
SetMenuItemInfoW
GetWindowLongW
SetWindowLongW
GetWindowTextLengthW

gdi32

Rectangle
TextOutA
MoveToEx
LineTo
GetDeviceCaps
CreatePatternBrush
SetPixel
CreateDIBSection
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
CreateCompatibleBitmap
StretchBlt
SetBkColor
ExtTextOutW
BitBlt
GetObjectW
CreateCompatibleDC
GetPixel
DeleteDC
CreatePen
CreateSolidBrush
SetTextColor
TextOutW
Polygon
Polyline
SelectObject
GetTextFaceW
GetTextMetricsW
CreateFontW
GetTextExtentPoint32W
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetSecurityDescriptorLength
GetFileSecurityW
IsTextUnicode
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DuplicateToken
MapGenericMask
AccessCheck
SetFileSecurityW
RegCloseKey

shell32

SHGetFolderPathW
SHGetPathFromIDListW
FindExecutableW
DragFinish
DragQueryFileW
DragAcceptFiles
Shell_NotifyIconW
ShellExecuteW
ord100
SHAddToRecentDocs
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderW
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
OleSetClipboard
DoDragDrop
CoInitializeEx

oleaut32

VariantClear
SysAllocString

Sections

.text
Size: 1022KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7de44a4a93c92ec9c546f8cfb385ee32

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9c:1d:7e:13:a4:06:d0:9a:db:d8:1b:1d:87:40:d0:fd:14:de:ab:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1022KB - Virtual size: 1021KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 20KB - Virtual size: 677KB

.rsrc Size: 239KB - Virtual size: 240KB

.reloc Size: 56KB - Virtual size: 55KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9c:1d:7e:13:a4:06:d0:9a:db:d8:1b:1d:87:40:d0:fd:14:de:ab:e0
Signer

.text
Size: 1022KB - Virtual size: 1021KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 20KB - Virtual size: 677KB

.rsrc
Size: 239KB - Virtual size: 240KB

.reloc
Size: 56KB - Virtual size: 55KB