NEAS[.]06e608dc2234c6dbdf10fc6e8825a390_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.06e608dc2234c6dbdf10fc6e8825a390_JC.exe
Size

2.3MB
MD5

06e608dc2234c6dbdf10fc6e8825a390
SHA1

d720469678f0af9d33eadfd3dc852cd27b4de28a
SHA256

f112d5d8f8ba5e51a5f54a5f817c5c2788cd1541d850b57203a9d13110f210c3
SHA512

58fa628be810856b1f2d838fd73663406807ac91bf205951c12aba7a0ba280cfe9b35d9bb8fd0252962e26ac34ce6f7abee8f26dda477181fc8bc99c1f0de08c
SSDEEP

49152:V3mVFYzj0Vs2WVJMNWHchIlpyTmPI/5ackb/952YUmG:VWVFGSs2epchInd8a5W

Score

1^/10

Malware Config

Signatures

Files

NEAS.06e608dc2234c6dbdf10fc6e8825a390_JC.exe
.exe windows:5 windows x86

c63ff24e85c1088a73b51c02ba95edc7

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:4d:49:c5:64:94:36:de:6b:f3:19:0a:67:ee:dc:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/03/2016, 00:00

Not After

28/06/2017, 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:6d:5f:74:f5:e4:c7:9e:da:dc:f5:70:0d:9b:bd:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/03/2016, 00:00

Not After

28/06/2017, 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

94:80:28:e6:fd:ee:b5:11:50:a2:63:83:91:a3:ee:7d:73:9b:16:c5:63:20:d5:df:00:a0:00:e7:2b:00:75:e3
Signer

Actual PE Digest

94:80:28:e6:fd:ee:b5:11:50:a2:63:83:91:a3:ee:7d:73:9b:16:c5:63:20:d5:df:00:a0:00:e7:2b:00:75:e3

Digest Algorithm

sha256

PE Digest Matches

false

04:c0:83:35:f5:1f:70:63:65:d5:58:73:ef:f8:ae:36:dd:f0:96:35
Signer

Actual PE Digest

04:c0:83:35:f5:1f:70:63:65:d5:58:73:ef:f8:ae:36:dd:f0:96:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle

user32

LoadAcceleratorsW
LoadStringW
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
PostQuitMessage
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
EndDialog
wsprintfW
FindWindowW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
MsgWaitForMultipleObjects
LoadIconW
PostThreadMessageW

advapi32

RegCloseKey
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
QueryServiceConfigW
ControlService
DeleteService
CreateServiceW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegFlushKey
CryptDestroyHash
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
MakeAbsoluteSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation

ws2_32

freeaddrinfo
socket
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
setsockopt
ntohs
htons
inet_ntoa
getsockopt
getsockname
getpeername
send
bind
closesocket
recvfrom
sendto
connect
accept
listen
ioctlsocket
gethostname
getaddrinfo
WSAIoctl

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

kernel32

TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
TlsGetValue
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
ExitThread
GetEnvironmentStringsW
CreateThread
LCMapStringW
RaiseException
InterlockedExchange
DecodePointer
EncodePointer
InterlockedIncrement
GetStringTypeW
TlsAlloc
UnhandledExceptionFilter
RtlUnwind
GetFileInformationByHandle
SetFilePointerEx
FindFirstFileExW
LoadLibraryExW
FileTimeToLocalFileTime
GetCommandLineW
IsProcessorFeaturePresent
GetOEMCP
GetCPInfo
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
VerifyVersionInfoA
SleepEx
VerSetConditionMask
GetLocalTime
GetExitCodeProcess
GetEnvironmentVariableW
ReleaseMutex
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
FreeLibrary
WritePrivateProfileStringW
GetModuleFileNameA
GetModuleHandleW
GetTempPathW
IsDebuggerPresent
GetTickCount
GetModuleFileNameW
GetLongPathNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WaitForSingleObject
SetEvent
LocalFree
GetCurrentThreadId
CreateEventW
SuspendThread
CloseHandle
SetErrorMode
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetDateFormatW
GetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
GetSystemTime
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
Sleep
GetVersionExW
DeviceIoControl
GetDriveTypeW
CreateFileW
SetFilePointer
ReadFile
VirtualAlloc
VirtualFree
DefineDosDeviceW
MultiByteToWideChar
FindClose
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
GetWindowsDirectoryW
QueryDosDeviceW
GetFileTime
LoadLibraryW
GetProcAddress
LoadLibraryExA
lstrlenW
HeapReAlloc
lstrcmpiW
SetLastError
lstrlenA
LocalAlloc
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
CreateMutexW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
WideCharToMultiByte
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
AreFileApisANSI
DeleteFileA
CreatePipe
SetHandleInformation
CreateProcessW
InterlockedDecrement
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
CopyFileW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
StringFromIID
CoTaskMemFree
CoInitializeSecurity
StringFromCLSID
CoUninitialize

oleaut32

SafeArrayGetLBound
VariantCopy
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString

shlwapi

PathFindExtensionW
StrCmpW
PathFileExistsW
PathUnquoteSpacesW
PathRemoveArgsW
PathFindFileNameA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptStringToBinaryA
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptUnprotectData

bthprops.cpl

BluetoothGetRadioInfo
BluetoothGetDeviceInfo
BluetoothFindNextDevice
BluetoothFindDeviceClose
BluetoothFindRadioClose
BluetoothFindNextRadio
BluetoothFindFirstRadio
BluetoothFindFirstDevice

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

wlanapi

WlanOpenHandle
WlanEnumInterfaces
WlanQueryInterface
WlanGetProfile
WlanFreeMemory
WlanGetNetworkBssList
WlanGetProfileList

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c63ff24e85c1088a73b51c02ba95edc7

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

77:4d:49:c5:64:94:36:de:6b:f3:19:0a:67:ee:dc:dfCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4e:6d:5f:74:f5:e4:c7:9e:da:dc:f5:70:0d:9b:bd:6fCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

94:80:28:e6:fd:ee:b5:11:50:a2:63:83:91:a3:ee:7d:73:9b:16:c5:63:20:d5:df:00:a0:00:e7:2b:00:75:e3Signer

04:c0:83:35:f5:1f:70:63:65:d5:58:73:ef:f8:ae:36:dd:f0:96:35Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

user32

advapi32

ws2_32

wldap32

kernel32

shell32

ole32

oleaut32

shlwapi

version

crypt32

bthprops.cpl

iphlpapi

setupapi

wlanapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 76KB - Virtual size: 88KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 136KB - Virtual size: 136KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

77:4d:49:c5:64:94:36:de:6b:f3:19:0a:67:ee:dc:df
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4e:6d:5f:74:f5:e4:c7:9e:da:dc:f5:70:0d:9b:bd:6f
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

94:80:28:e6:fd:ee:b5:11:50:a2:63:83:91:a3:ee:7d:73:9b:16:c5:63:20:d5:df:00:a0:00:e7:2b:00:75:e3
Signer

04:c0:83:35:f5:1f:70:63:65:d5:58:73:ef:f8:ae:36:dd:f0:96:35
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 76KB - Virtual size: 88KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 136KB - Virtual size: 136KB