NEAS[.]55f7e8e7acf0e36d4bd9ae5a17120d20[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.55f7e8e7acf0e36d4bd9ae5a17120d20.exe
Size

1.8MB
MD5

55f7e8e7acf0e36d4bd9ae5a17120d20
SHA1

7c6f3e38fd340b073e8c6cfb6532ba773faba019
SHA256

0c5a226b8915aa6ed622d88ae4a10318fcb24f809f824df0bc0249b28da06f21
SHA512

4370bde6dfb55a0a81a02bfa65194611fa288911a45356367549f45ac2abfa5ecff28c18da8c0f13bea041d85beb60eae5a4aed0994ec463f6829fc42afbb494
SSDEEP

24576:pN/dz7fOjWXP3oZPPDH9Y5yNl9QlZ6O9Nb8CLHG4fo9w7SCwUZZanv:pNIj0a9YyNiZ6O9NbJm4B7Shoc

Score

1^/10

Malware Config

Signatures

Files

NEAS.55f7e8e7acf0e36d4bd9ae5a17120d20.exe
.exe windows:4 windows x86

ccd1d98d4584daae8ab786f85b17e13e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:f8:6a:6d:51:6f:4b:2d:c9:6f:6c:9d:9b:5a:54:a0:a0:d2:31:40:f4:63:9b:39:72:e9:25:6b:4a:8d:ee:8b
Signer

Actual PE Digest

37:f8:6a:6d:51:6f:4b:2d:c9:6f:6c:9d:9b:5a:54:a0:a0:d2:31:40:f4:63:9b:39:72:e9:25:6b:4a:8d:ee:8b

Digest Algorithm

sha256

PE Digest Matches

true

64:15:f5:06:e4:86:88:c4:96:8a:87:ac:43:a5:2b:5a:b7:8a:28:6e
Signer

Actual PE Digest

64:15:f5:06:e4:86:88:c4:96:8a:87:ac:43:a5:2b:5a:b7:8a:28:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

kernel32

FindClose
WideCharToMultiByte
VerifyVersionInfoW
CreateEventW
HeapAlloc
FreeLibrary
TerminateProcess
UnmapViewOfFile
GetProcessHeap
CreateDirectoryW
ReadFile
MapViewOfFile
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetTempPathW
FlushFileBuffers
CreateFileW
InitializeCriticalSection
GlobalSize
OpenProcess
GetTickCount
InterlockedDecrement
CopyFileW
CloseHandle
DeleteFileW
ResetEvent
Sleep
GetSystemTime
OpenFileMappingW
WaitForSingleObject
GetModuleHandleW
InterlockedExchangeAdd
SetFilePointerEx
GlobalFree
DisconnectNamedPipe
SetEvent
CreateProcessW
GetVersionExW
MulDiv
GetFileSizeEx
LocalFree
GetDriveTypeW
SuspendThread
HeapFree
GetLastError
MoveFileW
MultiByteToWideChar
DeleteCriticalSection
GlobalLock
GetFileAttributesW
VerSetConditionMask
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetProcAddress
GetStdHandle
GetPrivateProfileIntW
LoadLibraryA
WaitForMultipleObjects
FileTimeToLocalFileTime
CreateFileMappingW
CreateToolhelp32Snapshot
LoadLibraryW
QueryPerformanceFrequency
CreateThread
GetLocaleInfoW
GetFileSize
GetShortPathNameW
ProcessIdToSessionId
ReadProcessMemory
CreateMutexW
SetFileAttributesW
WaitNamedPipeW
GetCurrentDirectoryW
GetThreadContext
lstrcpyW
GetModuleFileNameA
ReleaseMutex
CancelIo
ResumeThread
GetCurrentDirectoryA
FileTimeToSystemTime
ExitProcess
lstrlenA
GetCurrentThread
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindResourceW
GetStartupInfoW
RemoveDirectoryW
GlobalAlloc
VirtualQuery
CreateNamedPipeW
DeviceIoControl
ConnectNamedPipe
GetPrivateProfileStringW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
SetThreadPriority
GetTimeZoneInformation
MoveFileExW
FindFirstFileW
PeekNamedPipe
LoadResource
GetSystemInfo
GetACP
LoadLibraryExW
SetCurrentDirectoryW
GetPrivateProfileSectionNamesW
Process32NextW
LockResource
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetModuleFileNameW
GetEnvironmentVariableA
GetComputerNameW
GetVersionExA
GetOverlappedResult
GetCommandLineW
GetThreadPriority
FreeResource
SizeofResource
QueryPerformanceCounter
SetLastError
GetExitCodeProcess
SetEndOfFile
RtlCaptureContext
SetEnvironmentVariableW
DuplicateHandle
GetFileTime
Process32FirstW
GetEnvironmentVariableW
GetCurrentProcessId
CreatePipe
InterlockedExchange
GlobalUnlock
SetFilePointer
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetOEMCP
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetUserDefaultLCID
HeapDestroy
HeapReAlloc
LCMapStringW
LCMapStringA
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA

advapi32

GetSidSubAuthority
RegEnumKeyExW
RegEnumValueW
RegSetKeySecurity
RegDeleteKeyW
GetSidLengthRequired
SetFileSecurityW
RegQueryInfoKeyW
InitializeSid
RegOpenKeyW
DuplicateTokenEx
InitializeAcl
RegEnumKeyW
AddAccessAllowedAce
CheckTokenMembership
GetAce
GetLengthSid
SetEntriesInAclW
GetUserNameW
LookupAccountSidW
AdjustTokenPrivileges
RegSetValueExW
EnumDependentServicesW
StartServiceW
BuildTrusteeWithSidW
FreeSid
SetSecurityInfo
PrivilegeCheck
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityInfo
OpenServiceW
CloseServiceHandle
AllocateAndInitializeSid
QueryServiceStatusEx
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
OpenSCManagerW
ControlService
RegCreateKeyExW
LookupPrivilegeValueW

comctl32

ImageList_GetIconSize
ord17
ImageList_Destroy
PropertySheetW
ImageList_DrawEx
_TrackMouseEvent

comdlg32

GetSaveFileNameW
GetOpenFileNameW

gdi32

Polyline
SetPixel
BitBlt
CreateCompatibleDC
SetStretchBltMode
GetStockObject
IntersectClipRect
DeleteDC
CreateDIBitmap
SetDIBits
GetWindowExtEx
SetDCBrushColor
SetViewportOrgEx
GetViewportExtEx
CreateRectRgnIndirect
Polygon
SetBrushOrgEx
CreateBrushIndirect
SetBkColor
CreatePatternBrush
CreateDIBSection
CreateCompatibleBitmap
GetTextExtentPoint32W
PolyPolyline
GetDIBits
SetViewportExtEx
GetObjectA
SelectClipRgn
GetTextMetricsA
SetTextAlign
TextOutW
SetWindowExtEx
MoveToEx
SetTextColor
GetDeviceCaps
StretchBlt
CreatePen
CreateSolidBrush
GetTextMetricsW
SetBkMode
LineTo
GetCurrentObject
DeleteObject
GetObjectW
CreateFontIndirectW
SelectObject
CreateFontW
ExtTextOutW

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamClose
acmStreamConvert
acmStreamOpen

ole32

CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket

oleaut32

OleLoadPicture
SysFreeString
SysStringByteLen
SysAllocStringByteLen
OleLoadPicturePath
SysAllocStringLen
VariantClear
SysAllocString
VariantInit

shell32

SHGetFolderPathW
SHParseDisplayName
SHCreateShellItem
ShellExecuteExW
SHGetPathFromIDListW
ord680
SHGetMalloc
ord155
ShellExecuteA
SHGetDesktopFolder
Shell_NotifyIconW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW

shlwapi

PathCompactPathExW
SHDeleteEmptyKeyW
SHDeleteKeyW

user32

IsZoomed
EmptyClipboard
EndMenu
RegisterClassW
IsWindow
GetActiveWindow
GetWindowTextW
LoadImageW
DispatchMessageW
InsertMenuW
GetKeyNameTextW
GetUpdateRect
GetClassNameW
GetIconInfo
IsClipboardFormatAvailable
PostQuitMessage
GetPropW
OffsetRect
IsWindowEnabled
EndDialog
GetScrollInfo
InflateRect
DrawEdge
IsDialogMessageW
PeekMessageW
CreateDialogParamW
keybd_event
MonitorFromWindow
SendDlgItemMessageW
GetDlgCtrlID
SetWindowPos
TranslateMessage
GetMenuInfo
DrawStateW
SetMenuItemInfoW
EnumChildWindows
FlashWindowEx
DrawFocusRect
MsgWaitForMultipleObjects
SetActiveWindow
CallNextHookEx
DialogBoxParamW
GetDlgItemTextW
GetWindowLongW
GetKeyboardState
GetWindowDC
DialogBoxIndirectParamW
MapDialogRect
GetNextDlgGroupItem
SetWindowPlacement
GetWindow
DestroyIcon
SetMenuInfo
MonitorFromPoint
FindWindowW
GetSysColor
GetWindowTextLengthW
CallWindowProcW
SetClipboardData
RemovePropW
GetMonitorInfoW
EnableWindow
ShowScrollBar
GetWindowThreadProcessId
AllowSetForegroundWindow
GetCapture
GetFocus
InsertMenuItemW
ModifyMenuW
MapWindowPoints
FindWindowExW
GetSysColorBrush
RedrawWindow
wsprintfW
GetScrollBarInfo
GetMessageW
GetDesktopWindow
SetForegroundWindow
SetDlgItemTextW
GetClassInfoW
WindowFromPoint
IsWindowVisible
SetScrollInfo
WindowFromDC
PtInRect
GetSystemMetrics
CheckDlgButton
GetAncestor
IsDlgButtonChecked
LoadStringW
GetMenuItemInfoW
EnableMenuItem
GetForegroundWindow
RemoveMenu
SetPropW
IsCharAlphaW
DrawIconEx
GetClassNameA
MapVirtualKeyW
DeleteMenu
GetAsyncKeyState
CreateWindowExW
GetWindowPlacement
UpdateWindow
KillTimer
MoveWindow
SetCapture
AppendMenuW
SetTimer
ScrollWindowEx
DestroyMenu
ClientToScreen
GetDC
CheckMenuRadioItem
SetWindowLongW
GetMenuStringW
GetClientRect
SetWindowTextW
FrameRect
SetWindowsHookExW
TrackPopupMenu
GetClipboardData
GetKeyState
SystemParametersInfoW
MessageBoxW
PostMessageW
BeginPaint
GetCursorInfo
SetClassLongW
FillRect
SetMenu
GetMenu
InvalidateRect
GetDlgItem
SetCursor
EndPaint
ReleaseDC
GetSubMenu
DefWindowProcW
ReleaseCapture
CreatePopupMenu
GetCursor
GetParent
WaitForInputIdle
SendMessageW
ScreenToClient
ShowWindow
SetFocus
GetWindowRect
RegisterWindowMessageW
SetMenuDefaultItem
DrawTextW
IsIconic
OpenClipboard
GetComboBoxInfo
CloseClipboard
CheckMenuItem
UnhookWindowsHookEx
CreateDialogIndirectParamW
LoadCursorW
DestroyWindow

winmm

waveOutGetNumDevs

ws2_32

ntohs
ioctlsocket
closesocket
WSAGetLastError
gethostname
gethostbyname
htons
connect
send
socket
recv
setsockopt
WSAStartup
inet_addr
select
__WSAFDIsSet

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW
UuidCreate

netapi32

NetUserGetInfo
NetApiBufferFree

msimg32

GradientFill
AlphaBlend

gdiplus

GdipMeasureCharacterRanges
GdipGetImageHeight
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipCreateLineBrush
GdipGetImageEncoders
GdipGetPropertyItemSize
GdipBitmapLockBits
GdipScaleWorldTransform
GdipDrawString
GdipGetSolidFillColor
GdipSetPenLineJoin
GdipCloneStringFormat
GdipSetPenDashOffset
GdipGetPropertyCount
GdipCreateBitmapFromHICON
GdipSetStringFormatAlign
GdipGetMatrixElements
GdipGetDC
GdipGetWorldTransform
GdipImageGetFrameDimensionsList
GdipSetPenEndCap
GdipGetImagePixelFormat
GdipSetPenMiterLimit
GdipGraphicsClear
GdipCreateMatrix
GdipImageGetFrameCount
GdipGetBrushType
GdipBitmapUnlockBits
GdipRotateWorldTransform
GdipGetImageHorizontalResolution
GdipGetRegionBounds
GdipCloneImage
GdipCreateFontFromLogfontA
GdipGetClip
GdipSetPenDashCap197819
GdipCreateFontFromDC
GdipSetPageUnit
GdipCreateRegion
GdipDrawImageRectRect
GdipGetPropertyIdList
GdipCreateBitmapFromHBITMAP
GdipMeasureString
GdipGetClipBoundsI
GdipCreateBitmapFromScan0
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipCombineRegionPath
GdipSetStringFormatLineAlign
GdipSetPenDashArray
GdipSetPenDashStyle
GdipGetPropertyItem
GdipImageGetFrameDimensionsCount
GdipDisposeImageAttributes
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipFillPath
GdipCreateBitmapFromStream
GdipGetImageEncodersSize
GdiplusStartup
GdipGetImageVerticalResolution
GdipDeleteMatrix
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipSetImageAttributesColorMatrix
GdipStringFormatGetGenericTypographic
GdipGetStringFormatFlags
GdipSetLineWrapMode
GdipTranslateWorldTransform
GdipCreateSolidFill
GdipRestoreGraphics
GdipDeleteFont
GdipAddPathArc
GdipDeleteFontFamily
GdipCreatePen2
GdipCreateFont
GdipAddPathLine
GdipCloneBrush
GdipDrawEllipse
GdipResetPath
GdipCreatePath
GdipDrawRectangle
GdipSetTextRenderingHint
GdipFillEllipse
GdipDrawLine
GdipDeletePen
GdipSetClipRegion
GdipSetPenStartCap
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipReleaseDC
GdipSetInterpolationMode
GdipSetStringFormatFlags
GdipGetImageWidth
GdipSetSolidFillColor
GdipGetGenericFontFamilySansSerif
GdipSaveGraphics
GdipDeleteBrush
GdipGetTextRenderingHint
GdipCreateRegionRect
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipResetClip
GdipDeletePath
GdipStartPathFigure
GdipFillRectangle
GdipAddPathRectangle
GdipClosePathFigure
GdiplusShutdown
GdipDeleteGraphics
GdipSetSmoothingMode

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

wininet

InternetGetConnectedState
InternetQueryOptionA

secur32

InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
EncryptMessage
DecryptMessage
DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
ApplyControlToken

crypt32

CertCloseStore
CertFreeCertificateContext
CryptQueryObject
CertVerifySubjectCertificateContext
CertFindCertificateInStore

wintrust

WinVerifyTrust

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccd1d98d4584daae8ab786f85b17e13e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

37:f8:6a:6d:51:6f:4b:2d:c9:6f:6c:9d:9b:5a:54:a0:a0:d2:31:40:f4:63:9b:39:72:e9:25:6b:4a:8d:ee:8bSigner

64:15:f5:06:e4:86:88:c4:96:8a:87:ac:43:a5:2b:5a:b7:8a:28:6eSigner

Headers

File Characteristics

Imports

setupapi

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

rpcrt4

netapi32

msimg32

gdiplus

iphlpapi

wininet

secur32

crypt32

wintrust

Sections

.text Size: 893KB - Virtual size: 892KB

.rdata Size: 318KB - Virtual size: 317KB

.data Size: 12KB - Virtual size: 541KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 617KB - Virtual size: 617KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

37:f8:6a:6d:51:6f:4b:2d:c9:6f:6c:9d:9b:5a:54:a0:a0:d2:31:40:f4:63:9b:39:72:e9:25:6b:4a:8d:ee:8b
Signer

64:15:f5:06:e4:86:88:c4:96:8a:87:ac:43:a5:2b:5a:b7:8a:28:6e
Signer

.text
Size: 893KB - Virtual size: 892KB

.rdata
Size: 318KB - Virtual size: 317KB

.data
Size: 12KB - Virtual size: 541KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 617KB - Virtual size: 617KB