NEAS[.]8094acea75e4dd78bdfd003f446db570[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8094acea75e4dd78bdfd003f446db570.exe
Size

1.7MB
MD5

8094acea75e4dd78bdfd003f446db570
SHA1

c8a339e1a6c85e31f3afbae96db8e091ec5adb8f
SHA256

f0bd1969f373de1d0757344fe01c1e3b467e17dff76a2287b7d554929d36f084
SHA512

22a6c02ad0e3ede8b878176daa60190da19324e45a80d56d73e5ac85df1c92c2214e5f0b680f278b782a1cb2f255b8817f9cf58cc90780b8cc0eb18072ad04ca
SSDEEP

24576:GZJy9kYH32OB3GM/y8hLEInPkjDbWYSSE18wbt+VLNRLaVxLAp0Exo7/QIl39gLD:GZJy9Z2YD9EsMVLf0Y0EYa

Score

1^/10

Malware Config

Signatures

Files

NEAS.8094acea75e4dd78bdfd003f446db570.exe
.exe windows:4 windows x64 arch:x64

832b249030fa95699718543ce7e52834

Code Sign

38:03:b2:59:ff:61:10:e7:29:f0:29:df:39:36:11:bf
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/12/2020, 00:00

Not After

18/12/2023, 23:59

Subject

CN=Cockos Incorporated,O=Cockos Incorporated,POSTALCODE=10013,STREET=Apt 4B+STREET=195 Hudson Street,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:9e:89:c2:b5:12:e4:8f:96:da:ef:c6:4e:03:17:b8:d4:8b:27:23:2a:ae:65:73:0c:5b:97:a4:58:09:10:81
Signer

Actual PE Digest

ff:9e:89:c2:b5:12:e4:8f:96:da:ef:c6:4e:03:17:b8:d4:8b:27:23:2a:ae:65:73:0c:5b:97:a4:58:09:10:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

winmm

timeGetTime
timeSetEvent

wsock32

inet_addr
ntohs
ioctlsocket
htons
sendto
recvfrom
__WSAFDIsSet
select
closesocket
shutdown
getsockname
bind
htonl
WSACleanup
WSAStartup
listen
accept
send
WSAGetLastError
recv
connect
inet_ntoa
gethostbyname
gethostbyaddr
socket
setsockopt

kernel32

FreeLibrary
CloseHandle
SetEvent
CreateThread
CreateEventA
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetStdHandle
AllocConsole
GetLongPathNameA
GetTempPathA
GetTickCount
GetDriveTypeA
GetLogicalDrives
GetFileSize
UnmapViewOfFile
IsBadWritePtr
ReadFile
MapViewOfFile
CreateFileMappingA
CreateFileA
GetLastError
CreateFileW
OutputDebugStringA
WriteFile
ResetEvent
GetOverlappedResult
SetFilePointer
__C_specific_handler
LoadLibraryA
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTime
ReleaseMutex
DeleteFileA
CreateMutexA
GetCurrentProcessId
WaitForMultipleObjects
LoadLibraryW
CreateDirectoryW
CreateDirectoryA
DeleteFileW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
WritePrivateProfileStructA
WritePrivateProfileStructW
CreateProcessA
CreateProcessW
ReleaseSemaphore
GetSystemInfo
VirtualFree
DuplicateHandle
CreateSemaphoreA
VirtualAlloc
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetVersionExA
LCMapStringA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlVirtualUnwind
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
ExitProcess
HeapCreate
HeapSetInformation
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlPcToFileHeader
RaiseException
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTimeFormatA
GetDateFormatA
ExitThread
GetFileType
SetStdHandle
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
HeapAlloc
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FindFirstFileW
FindFirstFileA
WaitForSingleObject
WideCharToMultiByte
FindClose
FindNextFileW
FindNextFileA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
GetFullPathNameW
WriteConsoleW
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
GetPrivateProfileIntA

user32

InsertMenuItemA
CallWindowProcW
GetWindowLongPtrW
InvalidateRgn
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MsgWaitForMultipleObjects
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
GetClassWord
FindWindowExA
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
SetParent
ClientToScreen
InsertMenuItemW
IsWindowVisible
SetPropA
GetPropA
GetWindow
CallWindowProcA
SetWindowPos
SetWindowLongA
PostMessageA
GetClientRect
SendMessageA
GetCapture
SetFocus
SetCapture
ReleaseCapture
CheckMenuItem
CreatePopupMenu
GetWindowLongA
EnableWindow
BeginPaint
InsertMenuA
InsertMenuW
DrawTextW
MessageBoxA
MessageBoxW
GetWindowThreadProcessId
IsWindowUnicode
DefWindowProcW
SetWindowTextA
SetWindowTextW
wsprintfA
GetWindowTextLengthA
GetDlgItem
RemovePropA
PtInRect
ScreenToClient
GetWindowRect
EnumChildWindows
DefWindowProcA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
FillRect
DrawTextA
EndPaint
InvalidateRect
UpdateWindow
PeekMessageA
CreateDialogParamA
SetWindowLongPtrA
ShowWindow
TrackPopupMenu
DestroyMenu
IsDlgButtonChecked
CheckDlgButton
DestroyWindow
GetWindowLongPtrA
GetParent
SendDlgItemMessageA
GetAsyncKeyState
GetSysColor
GetClassInfoExA
LoadImageA
RegisterClassExA
DialogBoxParamA
EndDialog
GetDesktopWindow
LoadCursorA
RegisterClassA
CreateWindowExA

gdi32

LineTo
MoveToEx
CreatePen
CreateCompatibleBitmap
SetBkColor
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
GetObjectA
CreateFontIndirectA
GetTextColor
CombineRgn
CreateRectRgnIndirect
RectInRegion
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextMetricsA
CreateSolidBrush
SetBkMode
SetTextColor
BitBlt
CreateCompatibleDC
SelectObject
CreateDIBSection
DeleteObject
RoundRect
DeleteDC

advapi32

RegQueryValueA
RegQueryValueExW
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
IIDFromString
CoGetMalloc
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

832b249030fa95699718543ce7e52834

Code Sign

38:03:b2:59:ff:61:10:e7:29:f0:29:df:39:36:11:bfCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ff:9e:89:c2:b5:12:e4:8f:96:da:ef:c6:4e:03:17:b8:d4:8b:27:23:2a:ae:65:73:0c:5b:97:a4:58:09:10:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winmm

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 27KB - Virtual size: 478KB

.pdata Size: 55KB - Virtual size: 54KB

.rsrc Size: 280KB - Virtual size: 279KB

38:03:b2:59:ff:61:10:e7:29:f0:29:df:39:36:11:bf
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ff:9e:89:c2:b5:12:e4:8f:96:da:ef:c6:4e:03:17:b8:d4:8b:27:23:2a:ae:65:73:0c:5b:97:a4:58:09:10:81
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 27KB - Virtual size: 478KB

.pdata
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 280KB - Virtual size: 279KB