3bae1cadd221e0eb2bd1e034808ba2e0_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

3bae1cadd221e0eb2bd1e034808ba2e0_NEAS
Size

202KB
MD5

3bae1cadd221e0eb2bd1e034808ba2e0
SHA1

9885734e74247ad757100ec8185f29ecaaac73b6
SHA256

17b9850de828f37ffaf46624ecb9e5e1fca5692fd4298e1042a4a260ed49bbe0
SHA512

ee545e1070e6409f47b98f81f5f0168899f80270acf1a6bb381345c3f6d79944477a14927172698193e67eea7ddef9111f6617314340a9136c7f684b6aa7a91c
SSDEEP

3072:wZTBl370YiA4k4vqqPApH/wTX8c9ejY0OGlSHA3eKTQs:wZTBl37IU44p/UxGg1KV

Score

1^/10

Malware Config

Signatures

Files

3bae1cadd221e0eb2bd1e034808ba2e0_NEAS
.exe windows:6 windows x86 arch:x86

5af877f0d67836f3c4d2c3b99928b9d1

Code Sign

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-10-2017 00:00

Not After

13-10-2018 23:59

Subject

CN=PC Accelerate Sales Inc,O=PC Accelerate Sales Inc,POSTALCODE=19901,STREET=28 OLD RUDNICK LN,L=Dover,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-10-2017 00:00

Not After

13-10-2018 23:59

Subject

CN=PC Accelerate Sales Inc,O=PC Accelerate Sales Inc,POSTALCODE=19901,STREET=28 OLD RUDNICK LN,L=Dover,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:b1:2c:96:99:a1:46:ac:2f:8c:56:9a:15:c6:4f:fd:c8:d8:15:7a:4a:c4:97:63:a6:2d:af:2e:03:f8:2d:6f
Signer

Actual PE Digest

56:b1:2c:96:99:a1:46:ac:2f:8c:56:9a:15:c6:4f:fd:c8:d8:15:7a:4a:c4:97:63:a6:2d:af:2e:03:f8:2d:6f

Digest Algorithm

sha256

PE Digest Matches

true

81:91:9a:76:68:e8:48:4b:e6:10:c4:57:1d:af:dc:cc:c9:81:f0:03
Signer

Actual PE Digest

81:91:9a:76:68:e8:48:4b:e6:10:c4:57:1d:af:dc:cc:c9:81:f0:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libeay32

EVP_sha256
EVP_DigestFinal_ex
EVP_DigestUpdate
EVP_DigestInit_ex
EVP_MD_CTX_destroy
EVP_MD_CTX_create

kernel32

GetExitCodeProcess
GetCurrentDirectoryW
CreateProcessA
CreateDirectoryW
WaitForSingleObject
GetModuleHandleExW
CloseHandle
GetLastError
GetCurrentProcessId
GetSystemTime
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
DeleteFileW
SetFilePointer
DuplicateHandle
GetFullPathNameA
GetDriveTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
ReadConsoleW
ReadFile
WriteConsoleW
SetFilePointerEx
HeapSize
LoadLibraryW
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
VirtualQuery
MoveFileExW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
RtlUnwind
LoadLibraryExW
Sleep
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
GetTimeZoneInformation
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetFileAttributesExW
AreFileApisANSI
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
HeapFree
SetConsoleCtrlHandler
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapReAlloc
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
FileTimeToSystemTime
GetCommandLineA

libav

ord44294
ord1003
ord19
ord44216
ord44291
ord44292
ord44214
ord44344
ord44337
ord44327
ord44322
ord44271
ord44320
ord44211
ord44212
ord44266
ord44268
ord44218
ord44203
ord44236
ord44213
ord20
ord2
ord5
ord4
ord3
ord18
ord42
ord44290
ord44293
ord44274
ord44273
ord44272
ord44340
ord44335
ord44334
ord44333
ord44332
ord44331
ord44324
ord44321
ord44276
ord44319
ord44284
ord44285
ord44258
ord44210
ord27
ord6
ord70
ord46
ord33
ord9
ord12
ord11
ord17
ord49
ord44286
ord44339
ord44283
ord44330
ord44329

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5af877f0d67836f3c4d2c3b99928b9d1

Code Sign

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

56:b1:2c:96:99:a1:46:ac:2f:8c:56:9a:15:c6:4f:fd:c8:d8:15:7a:4a:c4:97:63:a6:2d:af:2e:03:f8:2d:6fSigner

81:91:9a:76:68:e8:48:4b:e6:10:c4:57:1d:af:dc:cc:c9:81:f0:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

kernel32

libav

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9d:0a:21:07:d7:b0:e7:96:59:9f:c0:47:88:3c:d0:4a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

56:b1:2c:96:99:a1:46:ac:2f:8c:56:9a:15:c6:4f:fd:c8:d8:15:7a:4a:c4:97:63:a6:2d:af:2e:03:f8:2d:6f
Signer

81:91:9a:76:68:e8:48:4b:e6:10:c4:57:1d:af:dc:cc:c9:81:f0:03
Signer

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB