NEAS[.]632eefb43f7901630d6345ff1b5c32a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.632eefb43f7901630d6345ff1b5c32a0.exe
Size

56KB
MD5

632eefb43f7901630d6345ff1b5c32a0
SHA1

0fd55cce535cfb5c686e6a1855a060b62753f77d
SHA256

4dc766da9fdb186ac25f72953d61f819fefa402ee72684d4bcf27e7f2090d837
SHA512

ef4158ff4f5f9a90cbdcc9059dfb01e0822eed14e526f505fa556ab81ac6db57f3523d2afc93260cad1203f081b9e9de3ad4b599c6a97929472588284245906e
SSDEEP

768:1LsXrbeUg3PD0ATmJoGI2IU3/cZ7mjUUvFkzGaCYAWFFVXIILDr:1MuUgdTmJoGlDEVmozfACPb3r

Score

1^/10

Malware Config

Signatures

Files

NEAS.632eefb43f7901630d6345ff1b5c32a0.exe
.dll windows:5 windows x64

f718c19fda72999f51bb97428fde62df

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/07/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Wireshark Foundation,O=Wireshark Foundation,POSTALCODE=94105,STREET=199 Fremont,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:43:0a:50:99:18:5a:8a:1a:f9:71:c5:4c:46:bc:90:1e:76:6f:43
Signer

Actual PE Digest

3e:43:0a:50:99:18:5a:8a:1a:f9:71:c5:4c:46:bc:90:1e:76:6f:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
MultiByteToWideChar
GetProcAddress
GetCommandLineW
RtlCaptureContext
RtlLookupFunctionEntry
SetCurrentDirectoryW
MoveFileExW
GetLastError
WideCharToMultiByte
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer

ws2_32

htonl

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

CommandLineToArgvW

libglib-2.0-0

g_realloc
g_ascii_toupper
g_ascii_tolower
g_strdup
g_malloc
g_strdup_vprintf
g_strlcpy
g_utf16_to_utf8
g_path_get_dirname
g_path_is_absolute
g_path_skip_root
g_utf8_to_utf16
g_free
g_snprintf

libgmodule-2.0-0

g_module_open_utf8
g_module_build_path

msvcr100

__crt_debugger_hook
_onexit
_lock
__dllonexit
_wopen
_errno
_wmkdir
_wstat64
wcslen
_wunlink
_wrmdir
_wremove
_wfopen
_wfreopen
_wgetenv
getenv
isspace
islower
isxdigit
isdigit
strlen
memset
memcpy
strchr
isprint
_localtime64
_snwprintf
fputc
fprintf
__iob_func
strncmp
strcmp
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
_strnicmp

Exports

Exports

AirPDcapWepDecrypt
arg_list_utf_16to8
ascii_strdown_inplace
ascii_strup_inplace
crc16_0x5935
crc16_ccitt
crc16_ccitt_seed
crc16_plain_update
crc16_x25_ccitt
crc32_ccitt
crc32_ccitt_seed
crc32_ccitt_table_lookup
crc32_mpeg2_seed
crc32c_calculate
crc32c_calculate_no_swap
crc32c_table_lookup
crc8_0x2F
crc_drm
get_cur_groupname
get_cur_username
getenv_utf8
getopt
inet_aton
init_process_policies
isdigit_string
isprint_string
mpa_bitrate
mpa_frequency
mpa_layer
mpa_padding
mpa_samples
mpa_version
npf_sys_is_running
optarg
opterr
optind
optopt
relinquish_special_privs_perm
running_with_special_privs
started_with_special_privs
strptime
type_util_gdouble_to_guint64
type_util_guint64_to_gdouble
update_crc10_by_bytes
update_crc6_by_bytes
utf_16to8
utf_8to16
utf_8to16_snprintf
ws_inet_ntop
ws_inet_pton
ws_init_dll_search_path
ws_load_library
ws_module_open
ws_stdio_fopen
ws_stdio_freopen
ws_stdio_mkdir
ws_stdio_open
ws_stdio_remove
ws_stdio_rename
ws_stdio_stat64
ws_stdio_unlink

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f718c19fda72999f51bb97428fde62df

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19Certificate

Extended Key Usages

Key Usages

3e:43:0a:50:99:18:5a:8a:1a:f9:71:c5:4c:46:bc:90:1e:76:6f:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

shell32

libglib-2.0-0

libgmodule-2.0-0

msvcr100

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 996B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

3e:43:0a:50:99:18:5a:8a:1a:f9:71:c5:4c:46:bc:90:1e:76:6f:43
Signer

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 996B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B