NEAS[.]fcb25333f796405f113982f7ce7f1cb0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fcb25333f796405f113982f7ce7f1cb0.exe
Size

3.3MB
MD5

fcb25333f796405f113982f7ce7f1cb0
SHA1

ac029f3af5c4d50b02159dad4106dee8004e18c8
SHA256

6c517b1fc9fb4595027e0aa341e93f8071f63a72e1adb82f62a3fdb5eedfdc2e
SHA512

5c6fb09165f24d7e7c36f64c748cf2d4d15d83bd82d4d2336e98b02c9bc395a1caff113beb6417bcad76d6aec4ae3df49a0a8fbd81c6207c03b958fbd54e38ec
SSDEEP

49152:vjBwLzthzpLilrlAdlNtHRJ52OGlXw/n8mng+Yv5aGFgxhXnlwC:zHAdrtxJ52O8X8ov5aGFgxh3lwC

Score

1^/10

Malware Config

Signatures

Files

NEAS.fcb25333f796405f113982f7ce7f1cb0.exe
.exe windows:6 windows x64

40266950567f9aa219917ac074c96b49

Code Sign

53:50:91:e6:ca:b1:3a:f3:93:b5:1e:ad:08:25:f6:27
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2021, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Advanced Micro Devices Inc.,O=Advanced Micro Devices Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:f5:8d:92:80:da:b9:71:3c:1f:ec:76:a9:5f:5e:1e:e1:3a:6b:9f:cb:d2:2c:88:15:ff:98:d9:da:ea:58:32
Signer

Actual PE Digest

f7:f5:8d:92:80:da:b9:71:3c:1f:ec:76:a9:5f:5e:1e:e1:3a:6b:9f:cb:d2:2c:88:15:ff:98:d9:da:ea:58:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

inet_pton
socket
sendto
send
WSAGetLastError
htons
WSACleanup
closesocket
WSASend
select
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

GetUserProfileDirectoryW

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptImportKey
BCryptExportKey
BCryptDecrypt
BCryptEncrypt

wininet

InternetReadFile
InternetOpenA
InternetWriteFile
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA
InternetConnectA

winhttp

WinHttpWriteData
WinHttpOpen
WinHttpSetOption
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpSendRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle

kernel32

GetFileType
SetFilePointerEx
GetFileSizeEx
WriteFile
GetStdHandle
ExitProcess
ReadFile
GetModuleHandleExW
ExitThread
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
WriteConsoleW
HeapSize
SetEndOfFile
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
FlushFileBuffers
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
DeleteFileW
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
GetLocaleInfoW
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
Sleep
FormatMessageW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
GetSystemTime
FormatMessageA
CreateIoCompletionPort
MultiByteToWideChar
FindClose
FindNextFileW
GetCurrentProcess
GetModuleFileNameW
GetSystemInfo
GetModuleHandleA
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetConsoleCP
GetConsoleMode
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatW
RtlUnwind
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
CreateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
LCMapStringW
CompareStringW
CreateFileW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
EnumSystemLocalesW

user32

wsprintfW

advapi32

CryptHashData
OpenProcessToken
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegGetValueW

shell32

SHGetKnownFolderPath

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Exports

Exports

cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40266950567f9aa219917ac074c96b49

Code Sign

53:50:91:e6:ca:b1:3a:f3:93:b5:1e:ad:08:25:f6:27Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f7:f5:8d:92:80:da:b9:71:3c:1f:ec:76:a9:5f:5e:1e:e1:3a:6b:9f:cb:d2:2c:88:15:ff:98:d9:da:ea:58:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

userenv

bcrypt

wininet

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 749KB - Virtual size: 748KB

.data Size: 133KB - Virtual size: 158KB

.pdata Size: 153KB - Virtual size: 152KB

.rsrc Size: 551KB - Virtual size: 551KB

.reloc Size: 21KB - Virtual size: 20KB

53:50:91:e6:ca:b1:3a:f3:93:b5:1e:ad:08:25:f6:27
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f7:f5:8d:92:80:da:b9:71:3c:1f:ec:76:a9:5f:5e:1e:e1:3a:6b:9f:cb:d2:2c:88:15:ff:98:d9:da:ea:58:32
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 749KB - Virtual size: 748KB

.data
Size: 133KB - Virtual size: 158KB

.pdata
Size: 153KB - Virtual size: 152KB

.rsrc
Size: 551KB - Virtual size: 551KB

.reloc
Size: 21KB - Virtual size: 20KB