NEAS[.]5a88fa704450f60f19d3c34bde8ed1d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5a88fa704450f60f19d3c34bde8ed1d0.exe
Size

186KB
MD5

5a88fa704450f60f19d3c34bde8ed1d0
SHA1

1459b196d67e79634e8c0a8fa7c7420e62c1e2c4
SHA256

62cd5ebb428773d638a6942ae7e9556b3396d3b56cd574fb4ecadad0b69b3590
SHA512

525922a644c38b0c4a4eaa41673fa7459f61a2d4faa7f678c626d2d8fac18cab2b3016de9753bc7dd3079cef4bf2dab016f0b306ea446f653b1a927639e3d36c
SSDEEP

3072:UrpYREf+HEIMZigUezFJ2bAgMFV1U2JrBhJN/am8A4:ApCEF8bZO2QhRI

Score

1^/10

Malware Config

Signatures

Files

NEAS.5a88fa704450f60f19d3c34bde8ed1d0.exe
.dll windows:6 windows x64

b441a2d3ffdbbdebe924597d21c52827

Code Sign

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1c
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/02/2018, 00:00

Not After

06/01/2021, 12:00

Subject

SERIALNUMBER=2803747,CN=DTS\, Inc.,O=DTS\, Inc.,L=Calabasas,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:df:63:3c:f3:66:59:f0:2e:31:16:dc:31:cb:1a:ad:f4:b7:59:9c:aa:a5:12:17:d6:d9:e3:a1:20:0b:68:02
Signer

Actual PE Digest

86:df:63:3c:f3:66:59:f0:2e:31:16:dc:31:cb:1a:ad:f4:b7:59:9c:aa:a5:12:17:d6:d9:e3:a1:20:0b:68:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

rpcrt4

NdrClientCall3
RpcExceptionFilter
NdrServerCallAll
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
NdrServerCall2
RpcBindingFree

vccorlib140_app

?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_translateCurrentException@@YAJ_N@Z
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
??0Object@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?UninitializeData@Details@Platform@@YAXH@Z

msvcp140_app

?__ExceptionPtrDestroy@@YAXPEAX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Xbad_function_call@std@@YAXXZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_XGetLastError@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_app

__std_type_info_destroy_list
memcpy
_CxxThrowException
memset
_purecall
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
memmove

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_cexit
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsConcatString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b441a2d3ffdbbdebe924597d21c52827

Code Sign

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1cCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

86:df:63:3c:f3:66:59:f0:2e:31:16:dc:31:cb:1a:ad:f4:b7:59:9c:aa:a5:12:17:d6:d9:e3:a1:20:0b:68:02Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-debug-l1-1-0

rpcrt4

vccorlib140_app

msvcp140_app

vcruntime140_app

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 2KB - Virtual size: 2KB

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1c
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

86:df:63:3c:f3:66:59:f0:2e:31:16:dc:31:cb:1a:ad:f4:b7:59:9c:aa:a5:12:17:d6:d9:e3:a1:20:0b:68:02
Signer

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 2KB - Virtual size: 2KB