NEAS[.]a83ab7fbbf03073bfb2350cb9305a470[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a83ab7fbbf03073bfb2350cb9305a470.exe
Size

231KB
MD5

a83ab7fbbf03073bfb2350cb9305a470
SHA1

3477b03ddb3a2e0c3201110e53a541a3a56a6c40
SHA256

b9fdba3719776f64b807df8deed52205efc9181fa7c71b1f18962bebfc5b8424
SHA512

f50fc753adbd8cde60b5af6f25b5e1a85b5b28191ca358f33e2357ce669149a1c16f5a1b1045bfa6ba83553251ec82fc2745088cff8a106de99fe41edc41f331
SSDEEP

6144:w0CshD7CcAxBKfylXLeXGIpbmIIGSWcBGR/Dlv:3LhPCdBaIXLYGimPGSfB4pv

Score

1^/10

Malware Config

Signatures

Files

NEAS.a83ab7fbbf03073bfb2350cb9305a470.exe
.exe windows:4 windows x86

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/04/2010, 00:00

Not After

09/04/2011, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

Actual PE Digest

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
RemoveDirectoryW
DosDateTimeToFileTime
GetEnvironmentStringsW
LoadLibraryA
FileTimeToLocalFileTime
lstrlenA
GlobalDeleteAtom
DeleteAtom
GetSystemDirectoryW
SetLastError
GetTimeFormatW
OpenWaitableTimerW
FlushFileBuffers
GetFullPathNameA
GetMailslotInfo
CreateThread
DuplicateHandle
FindResourceA
GetSystemInfo
GetProcAddress
GetCPInfo
IsBadReadPtr
InitializeCriticalSection
SetComputerNameA
GetAtomNameW

user32

AppendMenuW
MonitorFromPoint
DeleteMenu
MessageBoxIndirectW
DialogBoxParamW
SendDlgItemMessageA
GetClassNameW
GetMenuItemCount
WinHelpA
GetActiveWindow
CopyRect
RegisterClassExW
CreateCaret
MonitorFromWindow
PeekMessageW
CheckMenuItem
SendMessageA
ActivateKeyboardLayout
DrawIcon
CheckDlgButton
CallWindowProcW
GetTopWindow
ReleaseDC
CreateDialogIndirectParamA
GetKeyboardLayout
CharPrevW
GetClassInfoExA
LoadImageW
GetWindowRgn
CharPrevA
GetMenu
SetActiveWindow
UpdateLayeredWindow
GetSysColorBrush
SendDlgItemMessageW
SendMessageW
keybd_event
EnableMenuItem
EnumWindows
SetWindowPos
ClientToScreen
CharUpperW
IsWindow
wsprintfW
InvalidateRgn
SetDlgItemTextW
RegisterClassA
GetClassInfoW
LoadMenuIndirectW

gdi32

GetPixelFormat
SetICMMode
CreateDCW
GetObjectA
EnumFontsA
GetEnhMetaFilePaletteEntries
CreateFontIndirectW
SetDIBColorTable
PolyPolygon
EnumFontsW
LPtoDP
GetPaletteEntries
CloseEnhMetaFile
SelectBrushLocal
EndPage
GetRegionData
Polyline
CheckColorsInGamut
Ellipse

advapi32

RegQueryInfoKeyW
RegReplaceKeyW
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyA
RegRestoreKeyW
RegCloseKey
RegOpenKeyW

shlwapi

StrChrIA
PathCommonPrefixA
PathFindFileNameW
StrRetToBufA
UrlApplySchemeA
SHQueryValueExW
SHDeleteEmptyKeyA
SHRegQueryInfoUSKeyW
PathUnExpandEnvStringsA

urlmon

IsLoggingEnabledA
GetSoftwareUpdateInfo
RegisterFormatEnumerator
ReleaseBindInfo
CoInternetCreateZoneManager
IsJITInProgress
HlinkNavigateString
URLDownloadA
RegisterBindStatusCallback
CoInstall
CreateURLMonikerEx
UrlMkBuildVersion
ObtainUserAgentString

wsock32

SetServiceA
WSAAsyncSelect
MigrateWinsockConfiguration
GetTypeByNameA
recvfrom
rresvport
TransmitFile
getpeername
socket
gethostbyname
WSAGetLastError
send
WSAUnhookBlockingHook
sendto

crypt32

CertFindRDNAttr
I_CryptRegisterSmartCardStore
CertAddEncodedCertificateToSystemStoreW
I_CryptFindSmartCardCertInStore
CertEnumCRLsInStore
I_CryptGetLruEntryIdentifier
I_CertProtectFunction
CryptGetDefaultOIDFunctionAddress
CertRDNValueToStrA
PFXVerifyPassword
I_CryptGetAsn1Decoder
CryptInstallOIDFunctionAddress

Sections

.I
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lEq
Size: 4KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ejkao
Size: 3KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jS
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RuWz
Size: 1KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TsV
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ng
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 174KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aVqhQ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZTNeF
Size: 2KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

urlmon

wsock32

crypt32

Sections

.I Size: 5KB - Virtual size: 5KB

.lEq Size: 4KB - Virtual size: 373KB

.ejkao Size: 3KB - Virtual size: 109KB

.jS Size: 13KB - Virtual size: 12KB

.RuWz Size: 1KB - Virtual size: 227KB

.TsV Size: 4KB - Virtual size: 21KB

.ng Size: 1KB - Virtual size: 416KB

.data Size: 174KB - Virtual size: 378KB

.S Size: 1024B - Virtual size: 3KB

.aVqhQ Size: 4KB - Virtual size: 3KB

.ZTNeF Size: 2KB - Virtual size: 296KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 894B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

.I
Size: 5KB - Virtual size: 5KB

.lEq
Size: 4KB - Virtual size: 373KB

.ejkao
Size: 3KB - Virtual size: 109KB

.jS
Size: 13KB - Virtual size: 12KB

.RuWz
Size: 1KB - Virtual size: 227KB

.TsV
Size: 4KB - Virtual size: 21KB

.ng
Size: 1KB - Virtual size: 416KB

.data
Size: 174KB - Virtual size: 378KB

.S
Size: 1024B - Virtual size: 3KB

.aVqhQ
Size: 4KB - Virtual size: 3KB

.ZTNeF
Size: 2KB - Virtual size: 296KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 894B