NEAS[.]4601163c95787d399678858afaba3c50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4601163c95787d399678858afaba3c50.exe
Size

397KB
MD5

4601163c95787d399678858afaba3c50
SHA1

1e2e1b13ab32a522a2d88036b8bb5d610dd4e572
SHA256

66f751c797ca00f93e2741528f6f13471050155c96c6a78711c8e0153ee02f41
SHA512

ccbbdc3fe74a4e5398957b38d0e842c439318dff7b7c853705e510210b82e03f6793c2598ae44b8149e0bb8b40195933b9fa8dad32cfaa1a98dd341bf1df422b
SSDEEP

6144:T38Pg0d7SI3dcW4bjVU/jY5brcTHShC0FCdkf:TsPdSIaW4bq/M1cTyhC0FC

Score

1^/10

Malware Config

Signatures

Files

NEAS.4601163c95787d399678858afaba3c50.exe
.exe windows:5 windows x86 arch:x86

3fe50339235a9b69d8fde81bb3cbab14

Code Sign

02:01
Certificate

Issuer

OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US

Not Before

16/11/2006, 01:15

Not After

16/11/2026, 01:15

Subject

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:53:85:1a:8b:58:2b
Certificate

Issuer

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

19/11/2010, 16:25

Not After

19/11/2013, 16:25

Subject

CN=SoftPlan Systems Inc.,O=SoftPlan Systems Inc.,L=Brentwood,ST=TN,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:d7:82:ff:2b:53:fb:89:04:41:8b:e8:fb:97:aa:73:3a:70:e8:f5
Signer

Actual PE Digest

8a:d7:82:ff:2b:53:fb:89:04:41:8b:e8:fb:97:aa:73:3a:70:e8:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sputil

?ClearPageSetupOnlyIfPrinterIsDifferent@@YAHPAUHWND__@@AAUtagPSDA@@PAUHINSTANCE__@@H@Z
?GetUserSpecifiedPageSetup@@YAHPAUHWND__@@AAUtagPSDA@@PAUHINSTANCE__@@AA_NH@Z

kernel32

GetCurrentProcess
TerminateProcess
GetStartupInfoA
UnhandledExceptionFilter
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GlobalLock
GlobalAlloc
lstrcpyA
GlobalHandle
GlobalUnlock
GlobalFree
GetCurrentThreadId
GetCurrentProcessId
InterlockedCompareExchange

user32

EndPaint
SetRect
BeginPaint
PostQuitMessage
SetScrollPos
SetScrollRange
OffsetRect
ScrollWindow
MessageBoxA
SendMessageA
KillTimer
SetCursor
LoadCursorA
MoveWindow
GetWindowRect
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassA
DefWindowProcA
DestroyWindow
LoadStringA
wsprintfA
GetClientRect
GetDC
InvalidateRect
ReleaseDC
CreateWindowExA
GetWindowLongA
GetSystemMetrics
ShowWindow
UpdateWindow

gdi32

StartPage
DeleteDC
EndPage
GetStockObject
EndDoc
SelectPalette
RealizePalette
StartDocA
DeleteObject

comdlg32

PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

ltdis10n

ord122
ord132
ord134
ord135

ltfil10n

ord100
ord103
ord102

ltkrn10n

ord197
ord125
ord134

msvcr90

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_encode_pointer
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
_except_handler4_common
_invoke_watson
_initterm
memset
memcpy
isspace
__getmainargs
_controlfp_s

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fe50339235a9b69d8fde81bb3cbab14

Code Sign

02:01Certificate

Key Usages

04:53:85:1a:8b:58:2bCertificate

Extended Key Usages

Key Usages

8a:d7:82:ff:2b:53:fb:89:04:41:8b:e8:fb:97:aa:73:3a:70:e8:f5Signer

Headers

DLL Characteristics

File Characteristics

Imports

sputil

kernel32

user32

gdi32

comdlg32

ltdis10n

ltfil10n

ltkrn10n

msvcr90

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 378KB - Virtual size: 377KB

02:01
Certificate

04:53:85:1a:8b:58:2b
Certificate

8a:d7:82:ff:2b:53:fb:89:04:41:8b:e8:fb:97:aa:73:3a:70:e8:f5
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 378KB - Virtual size: 377KB