NEAS[.]0222923729a8d15c7705108dd19302a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0222923729a8d15c7705108dd19302a0_JC.exe
Size

548KB
MD5

0222923729a8d15c7705108dd19302a0
SHA1

e5208f316e8b64edf465b10d52a2b09caf666165
SHA256

c9d53273ea1bd0bc984398a4c54a6abf73b7443264f7d8a56b433ac687d780d5
SHA512

0f1ff4249a40986e16fad519c43bf2f920317c830fda4639cf7bd3105bd1ee1c4cf1c164e61061ecb91a346754fc872bbef08c5fa6c69e4414b1e9a3f41d7fe7
SSDEEP

12288:4CZLQLuIgRVUF/z8EjqNhuRJxaEd7gYBNozQYQPg8ldt5e9xZxgVAMNr0zuse4/y:xZ8LCU9RIlfMzErEH7r

Score

1^/10

Malware Config

Signatures

Files

NEAS.0222923729a8d15c7705108dd19302a0_JC.exe
.dll windows:4 windows x86

c9913553ae7230bb0d1e5f442fd58860

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/11/2022, 00:00

Not After

02/11/2025, 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/11/2022, 00:00

Not After

02/11/2025, 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:21:59:a3:71:3c:02:01:ba:68:96:cf:f1:47:68:91:2b:70:fd:09:21:4a:00:a6:8c:22:6b:43:a2:da:3f:4d
Signer

Actual PE Digest

bc:21:59:a3:71:3c:02:01:ba:68:96:cf:f1:47:68:91:2b:70:fd:09:21:4a:00:a6:8c:22:6b:43:a2:da:3f:4d

Digest Algorithm

sha256

PE Digest Matches

false

a8:b4:3a:d3:67:e2:f3:bc:5c:1a:95:5a:4d:f0:ec:bf:ae:7c:b5:46
Signer

Actual PE Digest

a8:b4:3a:d3:67:e2:f3:bc:5c:1a:95:5a:4d:f0:ec:bf:ae:7c:b5:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertFreeCertificateContext
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertCloseStore
CertGetEnhancedKeyUsage
CertOpenSystemStoreW

ws2_32

sendto
WSAStartup
WSACleanup
select
__WSAFDIsSet
htonl
ioctlsocket
WSACloseEvent
WSASetEvent
WSAResetEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
WSACreateEvent
accept
listen
gethostname
freeaddrinfo
getaddrinfo
htons
getsockopt
ntohs
getsockname
setsockopt
recv
bind
socket
getpeername
WSAIoctl
WSASetLastError
connect
closesocket
send
WSAGetLastError
recvfrom

wldap32

ord133
ord26
ord142
ord46
ord41
ord301
ord27
ord117
ord127
ord147
ord219
ord167
ord208
ord145
ord14
ord216
ord79

libssl-1_1

SSL_get_current_cipher
SSL_CTX_use_PrivateKey_file
SSL_CTX_set_options
SSL_set_connect_state
SSL_set_bio
SSL_CTX_set_msg_callback
SSL_connect
SSL_CTX_add_client_CA
TLS_client_method
SSL_CIPHER_get_name
SSL_CTX_set_alpn_protos
SSL_CTX_set_verify
SSL_CTX_get_cert_store
SSL_get_ex_data
SSL_new
SSL_CTX_set_default_passwd_cb_userdata
SSL_get_certificate
SSL_CTX_set_cert_store
SSL_get_peer_certificate
SSL_CTX_use_certificate_chain_file
OPENSSL_init_ssl
SSL_CTX_check_private_key
SSL_CTX_set_ciphersuites
SSL_get0_alpn_selected
SSL_ctrl
SSL_CTX_use_certificate_file
SSL_pending
SSL_CTX_new
SSL_CTX_set_default_passwd_cb
SSL_get_peer_cert_chain
SSL_CTX_use_PrivateKey
SSL_CTX_set_post_handshake_auth
SSL_SESSION_free
SSL_write
SSL_alert_desc_string_long
SSL_CTX_set_keylog_callback
SSL_shutdown
SSL_get_verify_result
SSL_free
SSL_set_session
SSL_CTX_set_cipher_list
SSL_set_ex_data
SSL_get_version
SSL_get_shutdown
SSL_CTX_free
SSL_CTX_use_certificate
SSL_CTX_sess_set_new_cb
SSL_get_error
SSL_read
SSL_CTX_ctrl
SSL_get_privatekey

libcrypto-1_1

BIO_free
d2i_PKCS12_bio
BIO_meth_set_create
X509_get_serialNumber
X509_get0_notBefore
UI_destroy_method
BIO_meth_set_destroy
X509_INFO_free
EVP_PKEY_copy_parameters
X509_STORE_set_flags
X509_NAME_get_entry
EVP_sha1
BIO_meth_set_write
OCSP_BASICRESP_free
PEM_read_bio_PrivateKey
BIO_meth_set_read
OCSP_cert_to_id
ENGINE_by_id
PEM_write_bio_X509
DH_get0_pqg
X509_NAME_ENTRY_get_data
UI_method_get_closer
X509_verify_cert_error_string
BN_print
PEM_read_bio_X509_AUX
PEM_X509_INFO_read_bio
UI_get0_user_data
ENGINE_get_first
OCSP_basic_verify
PKCS12_free
X509_get0_notAfter
X509_NAME_get_index_by_NID
UI_OpenSSL
X509_NAME_print_ex
RSA_free
ENGINE_ctrl_cmd
DSA_get0_key
OPENSSL_sk_pop
EVP_PKEY_free
BN_num_bits
PKCS12_parse
BIO_s_mem
UI_method_set_opener
BIO_clear_flags
ASN1_STRING_to_UTF8
X509_get_issuer_name
OCSP_response_status
EVP_DigestInit
EVP_MD_CTX_new
OPENSSL_sk_pop_free
CRYPTO_malloc
i2d_X509_PUBKEY
X509_LOOKUP_file
X509_free
PEM_read_bio_X509
OpenSSL_version_num
OCSP_crl_reason_str
UI_get_string_type
BIO_new_mem_buf
EVP_PKEY_id
OCSP_CERTID_free
ERR_peek_last_error
EVP_MD_CTX_free
ASN1_STRING_get0_data
X509_get_X509_PUBKEY
EVP_PKEY_get0_RSA
OPENSSL_sk_value
ENGINE_set_default
OCSP_response_status_str
EVP_PKEY_get0_DSA
ASN1_STRING_type
UI_method_get_reader
OCSP_RESPONSE_free
ERR_clear_error
UI_create_method
X509_STORE_add_cert
BIO_set_init
RAND_bytes
CRYPTO_free
ASN1_STRING_print
X509_get0_extensions
X509_get_ext_d2i
BIO_set_flags
OCSP_cert_status_str
ENGINE_ctrl
X509_EXTENSION_get_data
EVP_PKEY_get0_DH
d2i_X509
EVP_sha256
ASN1_TIME_print
X509_get_subject_name
EVP_DigestInit_ex
BIO_meth_new
BIO_new
X509V3_EXT_print
OCSP_check_validity
X509_EXTENSION_get_object
i2t_ASN1_OBJECT
MD5_Update
MD5_Final
MD5_Init
MD4_Update
MD4_Final
MD4_Init
DES_set_key_unchecked
DES_ecb_encrypt
DES_set_odd_parity
RSA_flags
ENGINE_get_id
ENGINE_init
BIO_set_data
ENGINE_load_private_key
X509_check_issued
X509_get_version
OPENSSL_sk_num
X509_STORE_free
DSA_get0_pqg
X509_PUBKEY_get0_param
ENGINE_get_next
X509_get_pubkey
BIO_puts
EVP_DigestFinal_ex
ERR_peek_error
GENERAL_NAMES_free
BIO_ctrl
BIO_get_shutdown
EVP_DigestUpdate
X509_get0_signature
UI_get_input_flags
BIO_s_file
UI_method_set_closer
UI_method_set_writer
d2i_X509_bio
OCSP_resp_find_status
ENGINE_free
BIO_set_shutdown
ASN1_STRING_length
d2i_PrivateKey_bio
UI_method_set_reader
X509_load_crl_file
ENGINE_finish
BIO_meth_free
X509_STORE_up_ref
UI_method_get_opener
X509_STORE_load_locations
ERR_error_string_n
ERR_get_error
OCSP_response_get1_basic
i2a_ASN1_OBJECT
DH_get0_key
EVP_PKEY_get1_RSA
d2i_OCSP_RESPONSE
X509_STORE_add_lookup
BIO_get_data
UI_method_get_writer
PKCS12_PBE_add
RSA_get0_key
BIO_printf
RAND_status
BIO_meth_set_ctrl
UI_set_result
X509_STORE_add_crl

kernel32

WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObjectEx
GetCurrentThreadId
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
CloseHandle
GetEnvironmentVariableA
GetLastError
GetSystemTimeAsFileTime
SleepEx
MoveFileExW
Sleep
GetCurrentProcessId
FormatMessageW
SetLastError
QueryPerformanceFrequency
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
PeekNamedPipe
WaitForMultipleObjects
ReadFile
GetStdHandle
GetFileType
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CompareFileTime
EnterCriticalSection

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

msvcr80

strncpy
strtol
fseek
fread
_lseeki64
_fstat64
realloc
calloc
_wcsdup
strftime
_beginthreadex
_wfopen
malloc
free
_wopen
_waccess
_wstat64
fwrite
feof
fgets
memchr
__iob_func
qsort
strcspn
strrchr
strchr
strncmp
memmove
_errno
sscanf
_time64
fputs
fclose
strtoul
setvbuf
fputc
sprintf
atoi
_gmtime64
fflush
strpbrk
__sys_nerr
wcstombs
__sys_errlist
_strtoi64
wcspbrk
strspn
ftell
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_unlink
_strdup
_close
_fdopen
_write
_read
memcpy
strstr
memset

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9913553ae7230bb0d1e5f442fd58860

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

bc:21:59:a3:71:3c:02:01:ba:68:96:cf:f1:47:68:91:2b:70:fd:09:21:4a:00:a6:8c:22:6b:43:a2:da:3f:4dSigner

a8:b4:3a:d3:67:e2:f3:bc:5c:1a:95:5a:4d:f0:ec:bf:ae:7c:b5:46Signer

Headers

File Characteristics

Imports

crypt32

ws2_32

wldap32

libssl-1_1

libcrypto-1_1

kernel32

advapi32

msvcr80

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 348KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 20KB - Virtual size: 16KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

bc:21:59:a3:71:3c:02:01:ba:68:96:cf:f1:47:68:91:2b:70:fd:09:21:4a:00:a6:8c:22:6b:43:a2:da:3f:4d
Signer

a8:b4:3a:d3:67:e2:f3:bc:5c:1a:95:5a:4d:f0:ec:bf:ae:7c:b5:46
Signer

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 20KB - Virtual size: 16KB