NEAS[.]5ef895053a1a5e1d636388e3e668f760[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5ef895053a1a5e1d636388e3e668f760.exe
Size

350KB
MD5

5ef895053a1a5e1d636388e3e668f760
SHA1

3771f4a0d070a35bc08d951dd150bc7fc54cef67
SHA256

95d1b73e6986b1b26395ac1126f73714e9ba7e5c85008355659e7c69b0ad7f16
SHA512

ab2f7573f8f283128d5d505b82eb5b78b679b01f945bcc08a8e6313769f4f139972e78294823c477857262485605664c03e8f52a0ec189dc740a0966b11cf82d
SSDEEP

6144:bfi2VwQfXMzW2Iuzc30bOLTQdiGIm9I2/eQX0Wt/iy5jXS:bTwg8zW2IuzckbO+Np2ciIS

Score

1^/10

Malware Config

Signatures

Files

NEAS.5ef895053a1a5e1d636388e3e668f760.exe
.dll windows:5 windows x64 arch:x64

28810de115af8cc8400b056de32e2daf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:f8:f0:b5:f9:b4:9d:e1:88:b7:7b:5c:78:de:4b:54
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

16-12-2021 00:00

Not After

27-01-2024 23:59

Subject

CN=SAITO-KIKAKU CORPORATION,O=SAITO-KIKAKU CORPORATION,ST=Fukui,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:a8:f1:c5:6d:0a:66:03:00:d6:0b:e3:64:ed:cb:e9:ba:76:8e:1d
Signer

Actual PE Digest

d7:a8:f1:c5:6d:0a:66:03:00:d6:0b:e3:64:ed:cb:e9:ba:76:8e:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetProcAddress
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
WideCharToMultiByte
GetACP
MultiByteToWideChar
IsDBCSLeadByteEx
GetOEMCP
LoadLibraryExA
GetVersion
LocalUnlock
HeapCompact
GetProcessHeap
LocalReAlloc
IsBadWritePtr
GetSystemDirectoryA
LocalLock
GetPrivateProfileStringA
LocalAlloc
FindFirstFileW
OutputDebugStringW
CopyFileW
GetModuleFileNameW
CreateFileW
GetModuleFileNameA
DeleteFileW
GetTickCount
SetEndOfFile
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
HeapReAlloc
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetStdHandle
RaiseException
RtlPcToFileHeader
HeapAlloc
HeapFree
GetCPInfo
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
HeapSize
GetModuleHandleExW
ExitProcess
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
FlushFileBuffers
DecodePointer
EncodePointer
lstrcpyA
LocalFree
GetFileInformationByHandle
CloseHandle
LocalSize
WinExec
GetCurrentThreadId
GetLocalTime
FindClose
lstrcmpiA
GetLastError
lstrcatA
ReadFile
FileTimeToSystemTime
WriteFile
SystemTimeToFileTime
MoveFileExA
lstrlenA
GetFileSize

user32

GetMenuStringW
DialogBoxParamW
InsertMenuItemA
CreateDialogParamA
SystemParametersInfoA
GetWindowTextLengthA
WindowFromPoint
IsIconic
GetWindowTextLengthW
DestroyWindow
AppendMenuW
GetWindowTextW
PeekMessageW
IsWindowUnicode
SetWindowLongW
DefWindowProcA
GetMenuStringA
CreateDialogParamW
SetWindowLongPtrA
AppendMenuA
MessageBoxW
RegisterClassW
InsertMenuItemW
IsDialogMessageW
GetWindowTextA
SetWindowLongA
MessageBoxA
SetWindowLongPtrW
SendMessageW
CallWindowProcA
DialogBoxParamA
SetWindowTextW
SetDlgItemTextA
CallWindowProcW
RegisterClassA
DispatchMessageW
GetDesktopWindow
SetTimer
KillTimer
LoadIconA
GetDC
ReleaseDC
GetActiveWindow
DestroyIcon
SetCursor
GetDlgItemInt
ScreenToClient
GetWindowRect
GetWindowLongPtrA
SendDlgItemMessageA
TrackPopupMenu
GetTopWindow
IsZoomed
GetLastActivePopup
GetKeyState
GetParent
CallNextHookEx
MessageBeep
wsprintfA
GetClientRect
SetFocus
SendMessageA
TranslateMessage
SetDlgItemInt
InvalidateRect
GetWindowLongA
CreateWindowExA
GetDlgItem
EndDialog
SetWindowsHookExA
SetWindowPos
GetCursorPos
CheckDlgButton
ShowWindow
CreatePopupMenu
IsDlgButtonChecked
PostMessageA
UnhookWindowsHookEx
GetSystemMetrics
EnableWindow
DestroyMenu
LoadCursorA
GetWindow
SetWindowTextA

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteA

Exports

Exports

AppendSpamWordFromFile
GiveFuncTable
InitializeFilter
IsJapaneseSpamSender
NotifyTuruKameInfo
PurgeSpamWordFromFile
TestSpamWordUpdate

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28810de115af8cc8400b056de32e2daf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

ac:f8:f0:b5:f9:b4:9d:e1:88:b7:7b:5c:78:de:4b:54Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

d7:a8:f1:c5:6d:0a:66:03:00:d6:0b:e3:64:ed:cb:e9:ba:76:8e:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 14KB - Virtual size: 112KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 3KB - Virtual size: 2KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

ac:f8:f0:b5:f9:b4:9d:e1:88:b7:7b:5c:78:de:4b:54
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

d7:a8:f1:c5:6d:0a:66:03:00:d6:0b:e3:64:ed:cb:e9:ba:76:8e:1d
Signer

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 14KB - Virtual size: 112KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 3KB - Virtual size: 2KB