NEAS[.]f0ea9c20d4c909b1ef9a9a75cd015080[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f0ea9c20d4c909b1ef9a9a75cd015080.exe
Size

324KB
MD5

f0ea9c20d4c909b1ef9a9a75cd015080
SHA1

5520f047e40157c69f2bfaab340e4bead94eef1c
SHA256

9fa094106657c15d94f8f4cdc26ebe8bc81c86d628dc965243ceecf2b393555d
SHA512

397284740c269a75a295fa75e02fc79e8f0c6cb45664cff728dbd66eb2c127b6aa65cbcef635053749c5575cd4ce77ee2f3da9d6100c688858828ff9076a22db
SSDEEP

6144:tD/GzZe/TeXsCiUgh/rM3EEnL2GROxyfg/32p0YHd02:tDGkTasCizhzM3EOiGRIvEe2

Score

1^/10

Malware Config

Signatures

Files

NEAS.f0ea9c20d4c909b1ef9a9a75cd015080.exe
.dll regsvr32 windows:4 windows x86

55c059d11d7ab808b0adbe5ee9b54a4c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:dc:79:37:62:7e:b6:4b:87:06:c2:2a:b0:f5:18:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/04/2014, 00:00

Not After

07/04/2017, 23:59

Subject

CN=SHANGHAI ZHIYOU NETWORK TECHNOLOGY CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=SHANGHAI ZHIYOU NETWORK TECHNOLOGY CO.\,LTD,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:de:ca:76:26:48:a5:dd:a0:90:23:cf:71:96:7a:3c:43:6a:b8:93
Signer

Actual PE Digest

4c:de:ca:76:26:48:a5:dd:a0:90:23:cf:71:96:7a:3c:43:6a:b8:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFlags
GetProcessVersion
FlushFileBuffers
RtlUnwind
HeapReAlloc
GetCommandLineA
RaiseException
CreateThread
ExitThread
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetErrorMode
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThread
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetVersion
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetTimeZoneInformation
SetTimeZoneInformation
SystemTimeToFileTime
MulDiv
GlobalUnlock
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalLock
GetTempPathW
lstrlenA
MultiByteToWideChar
SetSystemTime
SetLastError
GetSystemTime
Sleep
CopyFileW
GetTempFileNameW
MoveFileExW
WritePrivateProfileStringW
CreateProcessW
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
lstrcmpW
GetTickCount
TerminateProcess
OpenEventW
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentProcessId
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GlobalFree
GlobalAlloc
GetCurrentProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrcmpiW
GetModuleHandleW
GetProcAddress
OpenProcess
DeviceIoControl
GetVersionExW
GetLocalTime
GetLastError
LocalFree
OutputDebugStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
WaitForSingleObject
GetExitCodeProcess
GetACP
OpenMutexW
lstrlenW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
VirtualFree
CloseHandle

user32

GetSysColorBrush
UnregisterClassW
DestroyMenu
PostQuitMessage
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMessageW
TranslateMessage
ValidateRect
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
GetFocus
AdjustWindowRectEx
IsWindowVisible
GetTopWindow
GetCapture
WinHelpW
wsprintfW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
CreateWindowExW
CopyRect
ReleaseCapture
SetCapture
GetParent
InvalidateRect
IsRectEmpty
SetRect
GetSysColor
LoadMenuW
GetSubMenu
CheckMenuItem
GetCursorPos
ScreenToClient
LoadCursorW
SetCursor
PtInRect
GetClientRect
GetSystemMetrics
ShowWindow
OffsetRect
ExitWindowsEx
SetWindowPos
SendMessageW
LoadBitmapW
SetTimer
KillTimer
EqualRect
InflateRect
FillRect
UpdateLayeredWindow
GetWindowRect
GetClassInfoW
GetDlgItemTextA
GetDlgItem
SetFocus
LoadStringW
GetDesktopWindow
GetActiveWindow
MessageBoxA
GetForegroundWindow
GetWindowLongW
SetForegroundWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
GetLastInputInfo
IsWindow
MessageBoxW
PostMessageW
FindWindowW
EnableWindow
IsIconic

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
GetDeviceCaps
DeleteObject
SetBkMode
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
EnumFontsW
GetClipBox
GetObjectW
CreateFontIndirectW
GetPixel
SetPixelV
SelectObject
BitBlt
CreateFontW
CreateCompatibleBitmap
StretchBlt
GetStockObject
CreateCompatibleDC
ScaleWindowExtEx

comdlg32

GetOpenFileNameW
ChooseColorW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

ord17
_TrackMouseEvent

ole32

CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
SHSetValueW
SHGetValueW
PathFindFileNameW
SHDeleteKeyW
PathFileExistsW
SHDeleteValueW
PathRemoveExtensionW
SHGetValueA

gdiplus

GdipGetGenericFontFamilySansSerif
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipDeleteFontFamily
GdipDrawString
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipAlloc
GdipCloneBrush
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteBrush
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawImageRectRectI
GdipCreateFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateFontFamilyFromName

ws2_32

WSAStartup
WSACleanup
select
closesocket
recv
send
connect
htons
inet_addr
gethostbyname
socket
htonl
ntohl

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
EnumProcesses

Exports

Exports

Command
DllRegisterServer
DllUnregisterServer
FltLayTimeSetting
Init
IsLimitGame
Recover
RunTimeSecSetting
Setting
TimeInternetSynch
UnInit

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55c059d11d7ab808b0adbe5ee9b54a4c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

51:dc:79:37:62:7e:b6:4b:87:06:c2:2a:b0:f5:18:87Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4c:de:ca:76:26:48:a5:dd:a0:90:23:cf:71:96:7a:3c:43:6a:b8:93Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

version

psapi

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 169KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 28KB - Virtual size: 54KB

.rsrc Size: 56KB - Virtual size: 53KB

.reloc Size: 24KB - Virtual size: 23KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

51:dc:79:37:62:7e:b6:4b:87:06:c2:2a:b0:f5:18:87
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4c:de:ca:76:26:48:a5:dd:a0:90:23:cf:71:96:7a:3c:43:6a:b8:93
Signer

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 28KB - Virtual size: 54KB

.rsrc
Size: 56KB - Virtual size: 53KB

.reloc
Size: 24KB - Virtual size: 23KB