NEAS[.]23dc58d5e0be2034e42724f429936370[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.23dc58d5e0be2034e42724f429936370.exe
Size

7.4MB
MD5

23dc58d5e0be2034e42724f429936370
SHA1

0af0d2509cd2b1d09989ac6c8b998c8bb77742d3
SHA256

97cd7e07dd22d403b43c5edc098292907f3828828b3907ae830ce258038bdc99
SHA512

72e8d088b7e8d04b2cae820b6136d0feaefa51dde71002729bb0e8666369b446f389cd724a0e71ac371b1be45f814d00fbff155e7119c40614e3e0047cb90a7b
SSDEEP

98304:2Zc+f3Duk1JCvx/iUx/5S+wmuHfY+5RrFOC08ZzvERz:2+43DMhrS+wxfYhCfZoF

Score

1^/10

Malware Config

Signatures

Files

NEAS.23dc58d5e0be2034e42724f429936370.exe
.exe windows:5 windows x86

7a6efd022d8808a9c767f4297006c03b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:d7:db:99:69:a2:6a:61:ea:6c:d9:87:15:cb:20:23
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/09/2014, 00:00

Not After

25/09/2015, 23:59

Subject

CN=TUNEUP PRO SOFTWARE SERVICES LLP,O=TUNEUP PRO SOFTWARE SERVICES LLP,L=Jaipur,ST=Rajasthan,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:86:75:ab:74:88:4b:3d:9a:37:6a:51:7e:91:52:26:77:91:08:f8
Signer

Actual PE Digest

0a:86:75:ab:74:88:4b:3d:9a:37:6a:51:7e:91:52:26:77:91:08:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
LockResource
LoadResource
RtlUnwind
HeapSize
GetProcessHeap
InterlockedCompareExchange
FindResourceW
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
IsBadReadPtr
GetModuleHandleW
GetProcAddress
GetVersionExW
GetLastError
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
lstrlenW
WideCharToMultiByte
GetLogicalDriveStringsW
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
CloseHandle
lstrcpyW
SetLastError
LoadLibraryW
lstrlenA
MultiByteToWideChar
FreeResource
GetSystemTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
WaitForSingleObject
ExpandEnvironmentStringsW
GetDriveTypeW
SearchPathW
InitializeCriticalSection
CreateEventW
ResetEvent
SetEvent
SuspendThread
ResumeThread
TryEnterCriticalSection
HeapReAlloc
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetStartupInfoW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesExW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
GlobalFree
GetCurrentProcessId
RemoveDirectoryW
CreateProcessW
CopyFileW
MulDiv
GetTempFileNameW
GetShortPathNameW
SetThreadPriority
SetPriorityClass
QueryDosDeviceW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDrives
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
GetComputerNameW
RaiseException
GlobalMemoryStatusEx
InterlockedDecrement
ReleaseMutex
CreateMutexW
GetModuleFileNameW
SetFileAttributesW
LoadLibraryA
DeleteCriticalSection
lstrcmpW
ExitProcess
GetTickCount
GetLocalTime
UnmapViewOfFile
GetFileSize
GetFileInformationByHandle
SetFileTime
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
FindNextFileW
InterlockedIncrement
InterlockedExchange
ReadFile
SetFilePointer
FindClose
CreateFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
GetCPInfo
GetVersion
DeleteFileW
WriteFile
SizeofResource

user32

SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
GetScrollPos
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
UnhookWindowsHookEx
GetMenuStringW
IsWindowEnabled
ScreenToClient
wsprintfW
InvalidateRgn
RedrawWindow
SetActiveWindow
DrawAnimatedRects
SetParent
EnumChildWindows
CheckMenuItem
RegisterWindowMessageW
IsIconic
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MessageBoxW
SetMenuDefaultItem
GetSystemMenu
RegisterWindowMessageA
BringWindowToTop
SetWindowLongW
GetKeyState
GetLastActivePopup
TrackPopupMenu
EnableMenuItem
SetMenuItemInfoW
LoadMenuW
GetWindowLongW
GetSubMenu
RemoveMenu
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
DestroyIcon
DrawIconEx
GetMenuItemInfoW
SetRect
DrawEdge
SetFocus
UnregisterClassW
CharNextW
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
FindWindowExW
SetForegroundWindow
ShowWindow
WaitForInputIdle
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
ValidateRect
CharUpperW
DestroyMenu
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
WindowFromPoint
CopyAcceleratorTableW
LoadBitmapW
EnableWindow
LoadCursorW
SetCursor
InvalidateRect
GetParent
MapWindowPoints
GetClassNameW
IsRectEmpty
GetWindowDC
SendMessageW
CopyRect
LoadImageW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetAsyncKeyState
GetClientRect
PostMessageW
SetWindowRgn
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SetTimer
KillTimer
GetWindowRect
IsWindow
SystemParametersInfoW
UpdateWindow
PostQuitMessage
GetCursorPos
SetCapture
GetCapture
PeekMessageW
GetMessageW
DispatchMessageW
FindWindowW
GetDlgCtrlID
GetWindow
MoveWindow
AdjustWindowRectEx
ClientToScreen
EndPaint
BeginPaint
GetSystemMetrics
DrawFocusRect
FillRect
GetSysColor
TranslateMessage
LoadIconW
PtInRect
ReleaseCapture
OffsetRect
GetTopWindow

gdi32

LineTo
MoveToEx
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
GetStockObject
GetRgnBox
GetTextColor
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
SetBkColor
CombineRgn
CreateRectRgn
Rectangle
SetPixel
GetPixel
CreateDIBSection
Ellipse
GetTextExtentPoint32W
GetBkMode
CreatePen
GetDeviceCaps
DeleteObject
CreateFontW
GetTextExtentPointA
GetTextMetricsA
DeleteDC
SelectObject
CreateSolidBrush
PatBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateRoundRectRgn
GetBkColor
DPtoLP
GetMapMode
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
BitBlt
CreateFontIndirectW
CreateRectRgnIndirect
StretchBlt
SetMapMode
LPtoDP

comdlg32

GetFileTitleW

advapi32

RegQueryValueW
RegOpenKeyW
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegFlushKey
GetUserNameW
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken

shell32

SHAppBarMessage
Shell_NotifyIconW
DragAcceptFiles
SHChangeNotify
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW

comctl32

ImageList_GetIconSize
_TrackMouseEvent
ord17

shlwapi

SHDeleteValueW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindNextComponentW
PathFindFileNameW
SHDeleteKeyW
StrFormatByteSizeW
PathAppendW
SHCreateStreamOnFileW
PathSearchAndQualifyW
PathFindOnPathW
PathIsNetworkPathW
PathIsFileSpecW
PathGetArgsW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantCopy
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VarUdateFromDate
SysAllocStringLen
SysStringLen
DispCallFunc
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
OleCreateFontIndirect

urlmon

URLDownloadToFileW

sfc

SfcIsFileProtected

xmllite

CreateXmlWriter

rpcrt4

RpcStringFreeW
UuidToStringW

secur32

GetUserNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

GetProfilesDirectoryW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a6efd022d8808a9c767f4297006c03b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

35:d7:db:99:69:a2:6a:61:ea:6c:d9:87:15:cb:20:23Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0a:86:75:ab:74:88:4b:3d:9a:37:6a:51:7e:91:52:26:77:91:08:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

sfc

xmllite

rpcrt4

secur32

version

userenv

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 308KB - Virtual size: 308KB

.data Size: 31KB - Virtual size: 72KB

.rsrc Size: 5.8MB - Virtual size: 5.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

35:d7:db:99:69:a2:6a:61:ea:6c:d9:87:15:cb:20:23
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0a:86:75:ab:74:88:4b:3d:9a:37:6a:51:7e:91:52:26:77:91:08:f8
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 308KB - Virtual size: 308KB

.data
Size: 31KB - Virtual size: 72KB

.rsrc
Size: 5.8MB - Virtual size: 5.8MB