NEAS[.]NEAS45b5b611c1170f9319e7d6234169c360exe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.NEAS45b5b611c1170f9319e7d6234169c360exe_JC.exe
Size

288KB
MD5

45b5b611c1170f9319e7d6234169c360
SHA1

9c722694c48d792533c50460b4b2d41a76c09477
SHA256

24660d2aff906eda7b1a49c84b67567aae7b635fbc12f8805e212a6b381380b4
SHA512

2e35dc0e39cd54c9aab0d5f2a36c1d7f0dbb1f7054b08b80cbf8cf91a53ea47da9358996642da509b8dec67476a7fca868a686cd4e333966623666ecfe3b3cbd
SSDEEP

6144:ZKjBzsuDVxu3lyUqqLSwAohoRamwu5z469o0hZXbBslj:INsGVQz9A3ROh0Hilj

Score

1^/10

Malware Config

Signatures

Files

NEAS.NEAS45b5b611c1170f9319e7d6234169c360exe_JC.exe
.exe windows:4 windows x86

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

Issuer

CN=62esgfdgs

Not Before

23/02/2012, 09:44

Not After

31/12/2039, 23:59

Subject

CN=62esgfdgs

Extended Key Usages

ExtKeyUsageCodeSigning

94:35:47:4d:8c:4f:6a:e6:c4:22:7c:9b:95:c8:cf:23:4f:b1:6d:9c
Signer

Actual PE Digest

94:35:47:4d:8c:4f:6a:e6:c4:22:7c:9b:95:c8:cf:23:4f:b1:6d:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
GetEnvironmentVariableA
WaitForSingleObject
GetStdHandle
GetNumberOfConsoleInputEvents
OpenWaitableTimerW
VirtualUnlock
ExpandEnvironmentStringsA
GetCurrentDirectoryW
ResumeThread
Heap32ListFirst
SetFilePointer
lstrcat
DeleteFileW
RtlZeroMemory
CreateJobObjectA
TlsSetValue
FindResourceW
SetSystemTime
SetThreadLocale
LocalShrink
LocalLock
SetConsoleScreenBufferSize
TransmitCommChar
FindResourceExA
GetProfileSectionA
TlsAlloc
GlobalFix
MultiByteToWideChar
MoveFileWithProgressA
GetConsoleOutputCP
HeapFree
lstrcpynW
WriteConsoleOutputCharacterA
GetSystemInfo
OpenJobObjectW
WriteProfileStringA
GetPrivateProfileSectionNamesW
SetupComm
CancelIo
SetMessageWaitingIndicator
GlobalAddAtomW
SetConsoleCP
WaitForDebugEvent
GetProcessTimes
GetSystemWindowsDirectoryA
QueryPerformanceCounter
GetEnvironmentVariableW
SetComputerNameW
SearchPathA
IsBadHugeReadPtr
VerLanguageNameW
TerminateProcess
DefineDosDeviceW
FindNextFileA
SetThreadIdealProcessor
GetFileSize
GetUserDefaultLangID
VerifyVersionInfoA
CancelDeviceWakeupRequest
SetInformationJobObject
SwitchToThread
GetFileAttributesW
SystemTimeToFileTime
WritePrivateProfileStringW
GetThreadSelectorEntry
FindCloseChangeNotification
OpenMutexW
GetComputerNameExA
GetPrivateProfileStringA
GetSystemTimeAdjustment
FindFirstVolumeW
DosDateTimeToFileTime
GetProfileIntW
GetCurrentProcess
CreateEventW
ReadProcessMemory
GetCommandLineA
Module32NextW
GetLogicalDriveStringsA
GlobalDeleteAtom
OpenProcess
CreateFiber
FindFirstChangeNotificationA
ReadConsoleOutputAttribute
DeleteCriticalSection
GetAtomNameW
SetConsoleTitleW
QueryPerformanceFrequency
lstrcatA
DisconnectNamedPipe
WriteFileEx
GetProcessWorkingSetSize
GetPrivateProfileStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindClose
lstrcmpA
GetLargestConsoleWindowSize
ContinueDebugEvent
GetPrivateProfileIntW
DeleteVolumeMountPointW
GetTempPathA
DisableThreadLibraryCalls
SwitchToFiber
OpenFile
MoveFileExW
CreateDirectoryExW
ResetWriteWatch
EnumResourceNamesW
GetLocalTime
GetExitCodeThread
SetConsoleTitleA
FindAtomW
lstrcpynA
GlobalFindAtomA
GetStringTypeA
SetThreadPriorityBoost
GetThreadTimes
GlobalFindAtomW
SetTapePosition
_lclose
InitializeCriticalSectionAndSpinCount
CopyFileW
GetConsoleDisplayMode
EnumSystemLanguageGroupsW
CreateHardLinkA
FoldStringA
ReplaceFile
GetCommTimeouts
GenerateConsoleCtrlEvent
WriteConsoleInputA
CreateConsoleScreenBuffer
RemoveDirectoryA
GetWriteWatch

advapi32

RegOpenKeyExW

comctl32

ImageList_GetIcon
ImageList_LoadImage
ord14
ImageList_SetBkColor
FlatSB_SetScrollPos
ord16
ImageList_GetImageRect
ord3
ord13
CreatePropertySheetPageW
ImageList_Copy
InitMUILanguage
ImageList_BeginDrag
FlatSB_SetScrollProp
InitializeFlatSB
ImageList_Write
ImageList_ReplaceIcon
ImageList_SetImageCount
PropertySheetW
ImageList_SetFilter
CreateStatusWindow
ImageList_GetDragImage
PropertySheet
ImageList_AddMasked
DrawStatusTextW
ord6
PropertySheetA
DestroyPropertySheetPage
ImageList_Create
CreateToolbarEx
ImageList_Destroy
ImageList_Read
FlatSB_GetScrollInfo
FlatSB_GetScrollRange
DrawStatusText
ImageList_GetIconSize
ImageList_GetImageCount
CreatePropertySheetPage
ImageList_SetIconSize
CreatePropertySheetPageA
ord15
ImageList_Duplicate
ImageList_SetOverlayImage
ImageList_EndDrag
ImageList_Merge
FlatSB_ShowScrollBar
ImageList_DragMove
ImageList_Add
ord5
ord17
FlatSB_SetScrollInfo
ImageList_DrawIndirect
ImageList_Remove
UninitializeFlatSB
ImageList_DragLeave
FlatSB_SetScrollRange
ImageList_DragEnter
GetMUILanguage
ImageList_LoadImageW
ImageList_Replace
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_DrawEx
ord4
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ord7
ord2
FlatSB_GetScrollProp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text11
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text12
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textH3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH9
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH10
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47Certificate

Extended Key Usages

94:35:47:4d:8c:4f:6a:e6:c4:22:7c:9b:95:c8:cf:23:4f:b1:6d:9cSigner

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.text11 Size: 263KB - Virtual size: 263KB

.text12 Size: 2KB - Virtual size: 1KB

.textH3 Size: 512B - Virtual size: 500B

.textH4 Size: 512B - Virtual size: 500B

.textH1 Size: 512B - Virtual size: 500B

.textH5 Size: 512B - Virtual size: 500B

.textH6 Size: 512B - Virtual size: 500B

.textH7 Size: 512B - Virtual size: 500B

.textH8 Size: 512B - Virtual size: 500B

.textH9 Size: 512B - Virtual size: 500B

.textH10 Size: 512B - Virtual size: 500B

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

94:35:47:4d:8c:4f:6a:e6:c4:22:7c:9b:95:c8:cf:23:4f:b1:6d:9c
Signer

.text
Size: 4KB - Virtual size: 3KB

.text11
Size: 263KB - Virtual size: 263KB

.text12
Size: 2KB - Virtual size: 1KB

.textH3
Size: 512B - Virtual size: 500B

.textH4
Size: 512B - Virtual size: 500B

.textH1
Size: 512B - Virtual size: 500B

.textH5
Size: 512B - Virtual size: 500B

.textH6
Size: 512B - Virtual size: 500B

.textH7
Size: 512B - Virtual size: 500B

.textH8
Size: 512B - Virtual size: 500B

.textH9
Size: 512B - Virtual size: 500B

.textH10
Size: 512B - Virtual size: 500B

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB