NEAS[.]4cb72dfdcb46dfdcc8a309a1017ac010_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4cb72dfdcb46dfdcc8a309a1017ac010_JC.exe
Size

254KB
MD5

4cb72dfdcb46dfdcc8a309a1017ac010
SHA1

c2f82284c6f63a3d9ed6e4055da4d8320a5b6a7a
SHA256

92c5b01a19ee39b718eb84284d678ebf81c7d643f230da3503a3da4075c15540
SHA512

102bff77b5324e7719b6ad144882bdf18cfe71d12a0c53178a8a3713beef7870fac0dbf3070fd82d3278f813f2132493cd624872c5f6a884fb0ebdd09f0138b1
SSDEEP

3072:chTJb/Ve1i0n0e9DqcwMNIXE6pAyUNskvshGI0jZeEU3jPpAT86bt:clJbI1iM0mqcwtU8tUukkwFeEUTPpt0

Score

1^/10

Malware Config

Signatures

Files

NEAS.4cb72dfdcb46dfdcc8a309a1017ac010_JC.exe
.exe windows:5 windows x86

fa9c71e9152f309bdb41e56659e1932f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/04/2012, 00:00

Not After

06/05/2015, 23:59

Subject

CN=Mindspark Interactive Network,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mindspark Interactive Network,L=White Plains,ST=NewYork,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcesses

kernel32

CloseHandle
SetFileAttributesW
MoveFileExW
DeleteFileW
Sleep
CreateFileW
GetFileSize
ReadFile
SetLastError
CreateEventW
GetLastError
GetShortPathNameW
GetModuleFileNameW
SetEvent
SetProcessShutdownParameters
SetThreadPriority
GetCurrentThread
ReadDirectoryChangesW
GetOverlappedResult
ResetEvent
CompareStringW
GetModuleHandleW
GetCurrentProcess
GetProcessId
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
LoadLibraryA
FreeLibrary
CreateProcessW
WriteFile
lstrcmpiW
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
OpenProcess
LocalAlloc
lstrcatW
lstrcpyW
GetVersionExW
GetFileAttributesW
GetDriveTypeW
lstrcpynW
lstrlenW
GetProcAddress
GetModuleHandleA
LocalFree
WriteConsoleW
FlushFileBuffers
lstrlenA
GetStringTypeW
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
IsProcessorFeaturePresent
GetStdHandle

user32

DefWindowProcW
RegisterClassExW
SendMessageTimeoutW
GetWindowThreadProcessId
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumWindows
CreateWindowExW

advapi32

RegOpenKeyExW
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shlwapi

StrStrIW
StrRChrW
PathCombineW
StrStrW
PathFileExistsW
PathAppendW
StrCmpNIW
StrNCatW

netapi32

NetUserEnum
NetApiBufferFree
NetWkstaUserGetInfo

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa9c71e9152f309bdb41e56659e1932f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shlwapi

netapi32

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 25KB - Virtual size: 25KB