NEAS[.]3fbb9d4961787745bed247e60f6bb7c0[.]cab

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3fbb9d4961787745bed247e60f6bb7c0.cab
Size

388KB
MD5

3fbb9d4961787745bed247e60f6bb7c0
SHA1

7a44f213d8b2466d0b4c004a7e978b8e4f3938c2
SHA256

e4d23e5f9a847c2e1310d9417e32480667e43114022bc029c43b15c9bcf8327c
SHA512

936ac04a72eeabb614691155dee0414e40a7bbd4263139ccea56aea596a5e965795bace63b5e5d354eef29196bba7c6cd0df781d25bef9de955b2a58c448f271
SSDEEP

6144:K2/dzA/+8YQ5gVuLfxiDrakvXoN5GR+6TjpPKl1aInE/scz/dL+kq85/Tt:3NNQ57kekvu5q+IjpPK/fIsczVDrt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/0	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack001/2

Files

NEAS.3fbb9d4961787745bed247e60f6bb7c0.cab
.cab
0
.exe windows:4 windows x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9e:c6:c7:42:8e:b0:c8:2b:37:c4:0b:84:69:15:e2:f4
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

13-08-2008 00:00

Not After

13-08-2009 23:59

Subject

CN=Browzar Limited,O=Browzar Limited,POSTALCODE=HD1 9ES,STREET=Huddersfield,L=Huddersfield,ST=West Yorkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:78:ad:4f:cb:f7:3e:f7:91:78:19:e9:e7:8b:c1:69:cc:46:09:c6
Signer

Actual PE Digest

e2:78:ad:4f:cb:f7:3e:f7:91:78:19:e9:e7:8b:c1:69:cc:46:09:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 193KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1d:66:5a:0a:f5:44:dc:b4
Certificate

Issuer

CN=ActiveDirectoryObjectExistsException

Not Before

02-07-2021 16:00

Not After

03-07-2023 07:00

Subject

CN=ActiveDirectoryObjectExistsException

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:66:5a:0a:f5:44:dc:b4
Certificate

Issuer

CN=ActiveDirectoryObjectExistsException

Not Before

02-07-2021 16:00

Not After

03-07-2023 07:00

Subject

CN=ActiveDirectoryObjectExistsException

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:d3:37:c8:16:03:6f:36:cf:f6:d0:32:c6:b6:e8:bf:e7:99:0c:23:93:f5:cf:e9:57:9e:ca:de:73:c8:11:31
Signer

Actual PE Digest

b1:d3:37:c8:16:03:6f:36:cf:f6:d0:32:c6:b6:e8:bf:e7:99:0c:23:93:f5:cf:e9:57:9e:ca:de:73:c8:11:31

Digest Algorithm

sha256

PE Digest Matches

true

95:db:69:b4:d9:d3:17:d6:3e:d1:c0:4e:b8:71:ad:3c:6b:05:be:26
Signer

Actual PE Digest

95:db:69:b4:d9:d3:17:d6:3e:d1:c0:4e:b8:71:ad:3c:6b:05:be:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

9e:c6:c7:42:8e:b0:c8:2b:37:c4:0b:84:69:15:e2:f4Certificate

Extended Key Usages

Key Usages

e2:78:ad:4f:cb:f7:3e:f7:91:78:19:e9:e7:8b:c1:69:cc:46:09:c6Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 444KB

UPX1 Size: 193KB - Virtual size: 196KB

.rsrc Size: 25KB - Virtual size: 28KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 24KB - Virtual size: 21KB

.rsrc Size: 300KB - Virtual size: 296KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1d:66:5a:0a:f5:44:dc:b4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

1d:66:5a:0a:f5:44:dc:b4Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b1:d3:37:c8:16:03:6f:36:cf:f6:d0:32:c6:b6:e8:bf:e7:99:0c:23:93:f5:cf:e9:57:9e:ca:de:73:c8:11:31Signer

95:db:69:b4:d9:d3:17:d6:3e:d1:c0:4e:b8:71:ad:3c:6b:05:be:26Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 161KB - Virtual size: 160KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

CODE Size: 77KB - Virtual size: 77KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

9e:c6:c7:42:8e:b0:c8:2b:37:c4:0b:84:69:15:e2:f4
Certificate

e2:78:ad:4f:cb:f7:3e:f7:91:78:19:e9:e7:8b:c1:69:cc:46:09:c6
Signer

UPX0
Size: - Virtual size: 444KB

UPX1
Size: 193KB - Virtual size: 196KB

.rsrc
Size: 25KB - Virtual size: 28KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 24KB - Virtual size: 21KB

.rsrc
Size: 300KB - Virtual size: 296KB

1d:66:5a:0a:f5:44:dc:b4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

1d:66:5a:0a:f5:44:dc:b4
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b1:d3:37:c8:16:03:6f:36:cf:f6:d0:32:c6:b6:e8:bf:e7:99:0c:23:93:f5:cf:e9:57:9e:ca:de:73:c8:11:31
Signer

95:db:69:b4:d9:d3:17:d6:3e:d1:c0:4e:b8:71:ad:3c:6b:05:be:26
Signer

.text
Size: 161KB - Virtual size: 160KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 77KB - Virtual size: 77KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB