neconyd | bf9ec973065d75cc2b9afa1a2ad8f00a06959822b3067849649ff5be4e315db8N

Sharing

Copy URL

Twitter E-mail

General

Target

bf9ec973065d75cc2b9afa1a2ad8f00a06959822b3067849649ff5be4e315db8N
Size

80KB
MD5

3a61a90616d95d365240db1012353480
SHA1

dc50476c5e280f2ce8ab7d74c3bda2508553dbbd
SHA256

bf9ec973065d75cc2b9afa1a2ad8f00a06959822b3067849649ff5be4e315db8
SHA512

14f218d75f73d92ba8df20c5a9f309f744eaaf15ed540f397f941d01f5de948df702d2f61fb6926c08ceca6ca5f25de9fe7d47fc74b20b8d51bf5f708d6e7d00
SSDEEP

1536:ad9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzz:6dseIOMEZEyFjEOFqTiQmOl/5xPvw3

Score

10^/10

neconyd

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd family
neconyd

Files

bf9ec973065d75cc2b9afa1a2ad8f00a06959822b3067849649ff5be4e315db8N
.exe windows:4 windows x86 arch:x86

08b67a9663d3a8c9505f3b2561bbdd1c

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6
Signer

Actual PE Digest

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6

Digest Algorithm

sha256

PE Digest Matches

false

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6
Signer

Actual PE Digest

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetSetPerSiteCookieDecisionW
InternetOpenUrlW
InternetAttemptConnect
InternetOpenW
InternetReadFile
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionW

shlwapi

StrStrIW
PathMatchSpecW
PathCombineW
wvnsprintfW
StrStrIA
PathRemoveFileSpecW

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapReAlloc
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
HeapCreate
CopyFileW
CreateThread
WaitForMultipleObjects
GetTickCount
DeleteFileW
CreateProcessW
SetUnhandledExceptionFilter
ExitProcess
GetLastError
LoadLibraryW
GetProcAddress
Sleep
VirtualProtect
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
FindFirstFileW
SetFilePointer
SetEndOfFile
GetVersionExW
HeapAlloc
SetWaitableTimer
SystemTimeToFileTime
CreateWaitableTimerW
FindNextFileW
HeapFree
ReadFile
GetModuleFileNameW
GetFileTime
WaitForSingleObject
GetTimeZoneInformation
CreateFileW
CloseHandle
GetFileSizeEx
VirtualFree
GetProcessHeap
GetCurrentDirectoryW
VirtualAlloc
VirtualQuery
GetSystemTime
GetFileSize
FindClose
WriteFile
GetLocalTime
GetModuleHandleW
GetCommandLineW

user32

GetWindowLongW
DispatchMessageW
GetForegroundWindow
CharLowerW
CreateWindowExW
FindWindowW
PeekMessageW
SetForegroundWindow
GetSystemMetrics
MessageBoxW
SetWindowPos
SetWindowLongW
SetParent

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
OleInitialize
CoInitialize

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

08b67a9663d3a8c9505f3b2561bbdd1c

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6Signer

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6Signer

Headers

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6
Signer

a5:e1:9c:f3:c0:3e:52:d9:58:02:d5:5c:59:c5:0a:41:d4:e5:d9:5f:da:bc:aa:0b:5d:b8:50:53:b1:fb:10:f6
Signer

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92KB