NEAS[.]c6daf9d3f3b2c956fe6b47a11b8cb2a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.c6daf9d3f3b2c956fe6b47a11b8cb2a0.exe
Size

419KB
MD5

c6daf9d3f3b2c956fe6b47a11b8cb2a0
SHA1

0129bb1cb812d9b5b4f6b14ed49de21bf0c3856c
SHA256

41a5d90b62000e629847a86ca35efd1bd5be33ef0c4f72f18df20c2d25cc3513
SHA512

d5f6f7688ece047b20e446950b79ee12f673e9a1199b681cbe9a16fa9ff3f90b65793280c66d72f93f6a3d6065da5abef67d7ad540261efb33ffd87e6a204789
SSDEEP

6144:9CBHJmQ8KHidyFD5KV6H4EjhFSKMjVAOjEf7Uq9LW82TbJEg2ifW:wHkxdyFD5/H4EjnWV1WLWJmg2f

Score

1^/10

Malware Config

Signatures

Files

NEAS.c6daf9d3f3b2c956fe6b47a11b8cb2a0.exe
.exe windows:5 windows x86

d54373a62c114f4c89eecf91ff5bdc2b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:a1:7d:cb:32:e4:33:bd:cc:f3:85:3a:e7:e8:26:87
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

31/05/2017, 05:35

Not After

31/05/2018, 05:35

Subject

CN=Zhuhai Dianyue Network Technology Co.\, Ltd.,O=Zhuhai Dianyue Network Technology Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:81:37:62:c5:6d:45:40:32:90:26:09:6a:d3:a3:68:d4:e5:f7:b9
Signer

Actual PE Digest

83:81:37:62:c5:6d:45:40:32:90:26:09:6a:d3:a3:68:d4:e5:f7:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
InterlockedCompareExchange
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
Sleep
SetEvent
TerminateThread
DeleteFileA
GetTickCount
OpenProcess
CreateToolhelp32Snapshot
SetEndOfFile
Process32NextW
LoadLibraryW
LocalFree
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetComputerNameA
GetLocalTime
GetDriveTypeW
lstrcpynW
GetCurrentProcessId
GetExitCodeProcess
CreateThread
GetFileSizeEx
RegisterWaitForSingleObject
UnregisterWait
WriteConsoleW
SetStdHandle
WriteFile
ReadFile
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetVersionExW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
FindClose
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FindNextFileW
HeapFree
FindFirstFileW
SizeofResource
Process32FirstW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
FormatMessageA
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
ReadConsoleW

advapi32

StartServiceW
ControlService
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
RegOpenKeyExW
IsValidSid
GetTokenInformation
ConvertSidToStringSidW
RevertToSelf
GetUserNameW
ImpersonateLoggedOnUser
OpenProcessToken
LookupAccountNameW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

shlwapi

StrToIntW
PathFileExistsA
PathFileExistsW
StrStrIW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetReadFileExA
InternetConnectA
HttpSendRequestA

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d54373a62c114f4c89eecf91ff5bdc2b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

59:a1:7d:cb:32:e4:33:bd:cc:f3:85:3a:e7:e8:26:87Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

83:81:37:62:c5:6d:45:40:32:90:26:09:6a:d3:a3:68:d4:e5:f7:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

userenv

wtsapi32

shlwapi

version

wininet

Sections

.text Size: 277KB - Virtual size: 277KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 11KB - Virtual size: 14KB

.gfids Size: 1024B - Virtual size: 596B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 19KB - Virtual size: 18KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

59:a1:7d:cb:32:e4:33:bd:cc:f3:85:3a:e7:e8:26:87
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

19:c2:85:30:e9:3b:36
Certificate

83:81:37:62:c5:6d:45:40:32:90:26:09:6a:d3:a3:68:d4:e5:f7:b9
Signer

.text
Size: 277KB - Virtual size: 277KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 11KB - Virtual size: 14KB

.gfids
Size: 1024B - Virtual size: 596B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 19KB - Virtual size: 18KB