NEAS[.]cd78261145418dd876d9fecff3fb5690[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cd78261145418dd876d9fecff3fb5690.exe
Size

1.6MB
MD5

cd78261145418dd876d9fecff3fb5690
SHA1

80e13e5512860d1d6af6a875fe110231a7146511
SHA256

0f3b844441c780af8ea6bafdb56e916792577c081d12301b68fd4a1b1551db5a
SHA512

967e0f63017ae8f49467b5d5d020df93c2477d56aaa7a9b7a9f6907032dad6d9cf6f3c97fb7a1795921ef96de11c91e64de1a0fa4cdb6e8724a83ed468dc40ce
SSDEEP

49152:3Ssek6hvIQtuolYzaRqjc1Ht4ofDAGAke4QXHOu/:r8hQmu5ziHtLAQrQXuu/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

NEAS.cd78261145418dd876d9fecff3fb5690.exe
.exe windows:4 windows x64

Code Sign

0e:e1:e3:1d:43:34:f4:54:bd:62:0c:95:10:72:e8:bd
Certificate

Issuer

CN=Dev/Shareware CA Certificate

Not Before

12/05/2022, 01:03

Not After

31/12/2039, 23:59

Subject

CN=Dev/Shareware CA Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:22:1d:69:8a:c6:a5:2d:28:4f:64:35:32:8f:1c:dd:4d:da:db:fc:77:64:6b:84:91:1d:20:a3:f5:91:02:e3:1b:1c:b6:4b:68:21:34:dc:1b:5f:cb:17:d0:18:4c:ae:6b:cc:c7:e8:77:44:10:1d:8e:e7:2f:47:59:a2:f6:15
Signer

Actual PE Digest

1e:22:1d:69:8a:c6:a5:2d:28:4f:64:35:32:8f:1c:dd:4d:da:db:fc:77:64:6b:84:91:1d:20:a3:f5:91:02:e3:1b:1c:b6:4b:68:21:34:dc:1b:5f:cb:17:d0:18:4c:ae:6b:cc:c7:e8:77:44:10:1d:8e:e7:2f:47:59:a2:f6:15

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:e1:e3:1d:43:34:f4:54:bd:62:0c:95:10:72:e8:bdCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

1e:22:1d:69:8a:c6:a5:2d:28:4f:64:35:32:8f:1c:dd:4d:da:db:fc:77:64:6b:84:91:1d:20:a3:f5:91:02:e3:1b:1c:b6:4b:68:21:34:dc:1b:5f:cb:17:d0:18:4c:ae:6b:cc:c7:e8:77:44:10:1d:8e:e7:2f:47:59:a2:f6:15Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 208KB

UPX1 Size: 77KB - Virtual size: 80KB

.rsrc Size: 73KB - Virtual size: 76KB

0e:e1:e3:1d:43:34:f4:54:bd:62:0c:95:10:72:e8:bd
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

1e:22:1d:69:8a:c6:a5:2d:28:4f:64:35:32:8f:1c:dd:4d:da:db:fc:77:64:6b:84:91:1d:20:a3:f5:91:02:e3:1b:1c:b6:4b:68:21:34:dc:1b:5f:cb:17:d0:18:4c:ae:6b:cc:c7:e8:77:44:10:1d:8e:e7:2f:47:59:a2:f6:15
Signer

UPX0
Size: - Virtual size: 208KB

UPX1
Size: 77KB - Virtual size: 80KB

.rsrc
Size: 73KB - Virtual size: 76KB