NEAS[.]909b25111d3e791fa7bdc3baac898b40[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.909b25111d3e791fa7bdc3baac898b40.exe
Size

1.5MB
MD5

909b25111d3e791fa7bdc3baac898b40
SHA1

aceb7d4fc34401f08a6081201fcb6f3e55061e0e
SHA256

11b88133a67cf8e3e5da452b5e82a1805c880ecb815a9159853364377b426213
SHA512

3a6b523a76c7ca491d46e03040e0062af113f071da43cf565efcdbe40ce5946edb2d8427a5363495d067caef91fab3d6fb018175d379d939ce4a5dc7b5bff750
SSDEEP

24576:YnNIU1/2YTZZVOI+8ilBmEBJ0/aY3LA/MC:YnSaZcDpU37A/MC

Score

1^/10

Malware Config

Signatures

Files

NEAS.909b25111d3e791fa7bdc3baac898b40.exe
.exe windows:5 windows x64

160b4356b889ba4e8627fb206eda3d27

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:20:ee:4e:9e:81:87:4e:9b:93:ad:c0:cc:0e:0b:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-10-2012 00:00

Not After

03-11-2013 23:59

Subject

CN=Panasonic Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Products Business Unit,O=Panasonic Corporation,L=Moriguchi,ST=Osaka,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:42:62:b1:ce:cb:cb:c5:85:63:7f:cd:df:27:43:42:67:05:ba:90
Signer

Actual PE Digest

2f:42:62:b1:ce:cb:cb:c5:85:63:7f:cd:df:27:43:42:67:05:ba:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17

setupapi

CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ord680

powrprof

PowerDeleteScheme
PowerReadFriendlyName
PowerReadDCValueIndex
PowerReadACValueIndex
PowerGetActiveScheme
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerWriteFriendlyName
PowerDuplicateScheme
PowerCanRestoreIndividualDefaultPowerScheme
PowerEnumerate
PowerRestoreIndividualDefaultPowerScheme

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW

kernel32

GetLocaleInfoA
GetFileAttributesW
GetExitCodeProcess
HeapReAlloc
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
lstrcmpiW
CompareStringW
FindFirstFileW
GetModuleFileNameW
LocalFree
SystemTimeToFileTime
GetLocalTime
Sleep
GetLastError
lstrlenW
GetTickCount
CloseHandle
WaitForSingleObject
CreateProcessW
GetSystemPowerStatus
lstrcmpW
SetProcessShutdownParameters
lstrcmpA
GetCurrentThreadId
OutputDebugStringW
CreateThread
CreateNamedPipeW
CreateFileW
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
DeviceIoControl
WideCharToMultiByte
SetEvent
GetSystemTime
CreateMutexW
GetVersionExW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
QueryPerformanceCounter
RaiseException
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetEnvironmentVariableA
SetEnvironmentVariableW
GetExitCodeThread

user32

DestroyWindow
PostQuitMessage
GetSystemMetrics
CreateDialogParamW
ShowWindow
RegisterPowerSettingNotification
LoadMenuW
GetSubMenu
LoadCursorW
DeleteMenu
InsertMenuItemW
GetCursorPos
TrackPopupMenu
DestroyMenu
PostMessageW
FindWindowW
KillTimer
SetTimer
RegisterDeviceNotificationW
ChangeDisplaySettingsW
EnumDisplaySettingsW
DefWindowProcW
LoadImageW
DestroyIcon
EnumDisplayDevicesW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MessageBoxW
SetDlgItemTextW
EnableWindow
MoveWindow
ScreenToClient
GetWindowRect
GetDlgItem
SendMessageW
SetWindowPos
EndDialog
SetWindowTextW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
DialogBoxParamW
MessageBeep
CreateWindowExW
LoadStringW
RegisterClassExW
GetForegroundWindow
GetDesktopWindow
RegisterWindowMessageW
UnregisterDeviceNotification
SetMenuItemInfoW
GetMessageW

gdi32

CreateSolidBrush
DeleteObject

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocStringLen

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

160b4356b889ba4e8627fb206eda3d27

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

79:20:ee:4e:9e:81:87:4e:9b:93:ad:c0:cc:0e:0b:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2f:42:62:b1:ce:cb:cb:c5:85:63:7f:cd:df:27:43:42:67:05:ba:90Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

setupapi

shell32

powrprof

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 7KB - Virtual size: 43KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

79:20:ee:4e:9e:81:87:4e:9b:93:ad:c0:cc:0e:0b:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2f:42:62:b1:ce:cb:cb:c5:85:63:7f:cd:df:27:43:42:67:05:ba:90
Signer

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 7KB - Virtual size: 43KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB