NEAS[.]c1130bb1d5a6892c37632a4ad4344220[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c1130bb1d5a6892c37632a4ad4344220.exe
Size

3.2MB
MD5

c1130bb1d5a6892c37632a4ad4344220
SHA1

72ed63ada0db14918940bde778ec227879542805
SHA256

67a3c3a52153a04c91199bb229e3454c54949346887abdb0ef27a0868bdfc8f3
SHA512

427cb4a85518f1ab72a3f9df8dd9f81ba597f8d136434582367ab4f613988f8f8f0724ec7dd471f30be0ef1554ac5da7929bd1b2b8adbe9c0c66cfe9a044873b
SSDEEP

98304:K0jdXLq3Zj7Z6Vbrja394EbIEqWvpEJ+RTbV865grUg:hZ0ZWa9vfTbV82yl

Score

1^/10

Malware Config

Signatures

Files

NEAS.c1130bb1d5a6892c37632a4ad4344220.exe
.dll windows:5 windows x86

e0358ff9b1859fe3757aa6d05751db05

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:04:c0:73:01:52:57:d6:a8:b2:9b:f6:2f:59:26:ae:91:85:39:4a:86:78:a8:b4:58:ba:df:9a:b1:2d:b5:39
Signer

Actual PE Digest

72:04:c0:73:01:52:57:d6:a8:b2:9b:f6:2f:59:26:ae:91:85:39:4a:86:78:a8:b4:58:ba:df:9a:b1:2d:b5:39

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
FormatMessageA
GetSystemTime
FlushFileBuffers
CreateFileMappingW
MapViewOfFile
GetSystemTimeAsFileTime
SystemTimeToFileTime
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
SetErrorMode
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
lstrcmpA
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalAddAtomW
GetVolumeInformationW
DuplicateHandle
LoadLibraryExW
lstrcmpiW
GlobalFlags
lstrcmpW
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
GlobalFindAtomW
GetVersionExW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
GetUserDefaultUILanguage
VirtualProtect
GetCurrentDirectoryW
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
TerminateThread
CreateThread
ResetEvent
GetLocaleInfoEx
GetStringTypeW
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetFilePointerEx
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapQueryInformation
GetCommandLineA
GetCommandLineW
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
InitializeCriticalSection
WideCharToMultiByte
CopyFileW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
DeleteFileW
MultiByteToWideChar
WaitForSingleObject
FindClose
GetTempPathW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
FindFirstFileW
GetTickCount
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
Sleep
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
HeapFree

user32

SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
IntersectRect
InflateRect
PostQuitMessage
IsDialogMessageW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
DrawStateW
MapWindowPoints
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
GetWindow
GetClassNameW
GetDesktopWindow
ClientToScreen
GetWindowRect
SetWindowTextW
GetFocus
GetDlgCtrlID
CharUpperW
DestroyIcon
GetWindowTextLengthW
GetWindowTextW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SendMessageW
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnhookWindowsHookEx
SetClassLongW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
CopyRect
WindowFromPoint
GetLastInputInfo
UnregisterClassW
PtInRect

gdi32

GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetTextExtentPoint32W
DPtoLP
SetRectRgn
PatBlt
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetTextMetricsW
OffsetRgn
EnumFontFamiliesExW
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
CreateDCW
GetDeviceCaps
DeleteObject
BitBlt
DeleteDC
SetWindowExtEx
GetRgnBox
Rectangle
LPtoDP
SetPixelV
CreateBitmap
CreateCompatibleDC
CreateRoundRectRgn
SetViewportOrgEx
SetViewportExtEx
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
CopyMetaFileW
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW

advapi32

RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHAppBarMessage
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
SHGetFileInfoW
DragFinish
ShellExecuteW

ole32

CoDisconnectObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

GetWindowTheme
GetCurrentThemeName
IsAppThemed
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeSysColor
GetThemePartSize
DrawThemeParentBackground
GetThemeColor
DrawThemeText

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageRectI
GdipDrawImageI
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipSetInterpolationMode

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

oleaut32

VariantInit
VarBstrFromDate
VariantChangeType
VariantCopy
SysAllocString
SysFreeString
LoadTypeLi
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear

Exports

Exports

finalize
initialize
processMessage

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0358ff9b1859fe3757aa6d05751db05

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

72:04:c0:73:01:52:57:d6:a8:b2:9b:f6:2f:59:26:ae:91:85:39:4a:86:78:a8:b4:58:ba:df:9a:b1:2d:b5:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 461KB - Virtual size: 460KB

.data Size: 30KB - Virtual size: 49KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 160KB - Virtual size: 159KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

72:04:c0:73:01:52:57:d6:a8:b2:9b:f6:2f:59:26:ae:91:85:39:4a:86:78:a8:b4:58:ba:df:9a:b1:2d:b5:39
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 461KB - Virtual size: 460KB

.data
Size: 30KB - Virtual size: 49KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 160KB - Virtual size: 159KB