NEAS[.]dc0e0b29665250c7a19f6b99706ba3d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.dc0e0b29665250c7a19f6b99706ba3d0.exe
Size

672KB
MD5

dc0e0b29665250c7a19f6b99706ba3d0
SHA1

1e0abe46e1b82ac2cf32ebd47242402527630ea9
SHA256

1961cb30d2df77d5d8102929b7cb0adb40afa47892c47dfe1fe4ec5edf0e3850
SHA512

bde829182d1872db75189b2286358d049dbed060c67f66a6c79d5bbc8b154a77b65cd6ea29874a50879b51ed29e1bd39c4a6450d6056054b5c8c76668776d893
SSDEEP

12288:fZTV1IqPKGpVYLAjYBcgcB5rCjNhcbBnT8yBjvrEH7a:fZ51IqPCcg25W5OnTHrEH7a

Score

1^/10

Malware Config

Signatures

Files

NEAS.dc0e0b29665250c7a19f6b99706ba3d0.exe
.exe windows:5 windows x86 arch:x86

42cc289f13f99a7328aeaee132f1f728

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/03/2015, 00:00

Not After

18/04/2018, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:74:9b:90:32:d1:a7:19:29:9f:b6:95:0a:32:8b:58:58:0b:b4:46
Signer

Actual PE Digest

64:74:9b:90:32:d1:a7:19:29:9f:b6:95:0a:32:8b:58:58:0b:b4:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
GetFileAttributesExW
GetCommandLineW
HeapFree
HeapAlloc
RtlUnwind
ExitProcess
GetModuleHandleExW
RaiseException
HeapReAlloc
HeapSize
HeapQueryInformation
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetProcessHeap
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetErrorMode
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
Sleep
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
FileTimeToSystemTime
GetCurrentProcess
WriteFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
InterlockedIncrement
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
InterlockedDecrement
FormatMessageW
LocalFree
GlobalFree
GlobalUnlock
GlobalFindAtomW
LoadLibraryW
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryW
GetVersion
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
OutputDebugStringA
GetFileAttributesW
SetLastError
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
InterlockedExchange
GetACP
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReleaseMutex
GetProcAddress
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
WaitForSingleObject
GetEnvironmentStringsW
CreateMutexW

user32

ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindow
GetWindowTextW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
MessageBoxW
GetParent
SendMessageW
UnregisterClassW
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
PostMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
DestroyMenu
CharUpperW
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetSystemMetrics
RealChildWindowFromPoint
ClientToScreen
SetWindowTextW
GetMenu

gdi32

Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
DeleteDC
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
CreateBitmap
SetTextColor
SetBkColor

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42cc289f13f99a7328aeaee132f1f728

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

64:74:9b:90:32:d1:a7:19:29:9f:b6:95:0a:32:8b:58:58:0b:b4:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oleacc

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 303KB - Virtual size: 303KB

.reloc Size: 72KB - Virtual size: 72KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

64:74:9b:90:32:d1:a7:19:29:9f:b6:95:0a:32:8b:58:58:0b:b4:46
Signer

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 303KB - Virtual size: 303KB

.reloc
Size: 72KB - Virtual size: 72KB