NEAS[.]0b44b181223dcd782e0c8964a7ec4e70_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0b44b181223dcd782e0c8964a7ec4e70_JC.exe
Size

926KB
MD5

0b44b181223dcd782e0c8964a7ec4e70
SHA1

69fae2d6d612ddf704ab243f48f30eec740591e7
SHA256

4284a38b8124e3a27e32d3a3cb66d6848e9d55d47413e7b31c57c141e5cef7b0
SHA512

d447e8e814293e77a0561121775896355d8eeae9872392ae52db27beb1a8538af4678e56241ed4a42697ad9ea21c862693d4c770cb733d10f726aff005867dd8
SSDEEP

24576:IceYOX0aCs7Jvuk27eSMurTcTlNZEuU552:tDFk27eIrTcTl/U55

Score

1^/10

Malware Config

Signatures

Files

NEAS.0b44b181223dcd782e0c8964a7ec4e70_JC.exe
.exe windows:5 windows x86

786f6c3e5bc133668585b6bf11dbc168

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/05/2019, 00:00

Not After

08/05/2020, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2019, 00:00

Not After

08/05/2020, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:d3:d4:a5:50:04:d5:bc:8b:fa:05:23:6c:13:62:ae:59:a6:3b:8e:97:57:4e:7c:cd:49:11:72:1d:4f:32:4f
Signer

Actual PE Digest

07:d3:d4:a5:50:04:d5:bc:8b:fa:05:23:6c:13:62:ae:59:a6:3b:8e:97:57:4e:7c:cd:49:11:72:1d:4f:32:4f

Digest Algorithm

sha256

PE Digest Matches

false

ab:13:9c:c9:5b:08:8c:1c:db:fd:f1:91:fc:6a:a4:4c:f7:f3:3d:aa
Signer

Actual PE Digest

ab:13:9c:c9:5b:08:8c:1c:db:fd:f1:91:fc:6a:a4:4c:f7:f3:3d:aa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
OpenMutexW
GetProcAddress
CloseHandle
HeapAlloc
GetCurrentProcess
HeapFree
LoadLibraryW
GetProcessHeap
GetModuleFileNameW
GetFileSize
SetFilePointer
WriteFile
CreateFileW
RemoveDirectoryW
GetPrivateProfileStringW
FreeLibrary
GetModuleHandleW
SetErrorMode
SetEnvironmentVariableA
FlushFileBuffers
GetFileAttributesW
ExpandEnvironmentStringsW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
ReleaseMutex
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
FindResourceW
LoadResource
GetVersionExW
LockResource
lstrcmpiW
OpenProcess
QueryDosDeviceW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FindClose
FindNextFileW
GetEnvironmentVariableW
GetCurrentProcessId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenW
GetFileSizeEx
SetEndOfFile
ReadFile
DeleteFileW
GetCurrentThreadId
LocalFree
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
CopyFileW
GetTempPathW
MoveFileW
GetWindowsDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
LoadLibraryExW
GetTickCount
FormatMessageW
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
SetLastError
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
EncodePointer
GetCommandLineW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

shlwapi

SHGetValueW

Sections

.text
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

786f6c3e5bc133668585b6bf11dbc168

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

07:d3:d4:a5:50:04:d5:bc:8b:fa:05:23:6c:13:62:ae:59:a6:3b:8e:97:57:4e:7c:cd:49:11:72:1d:4f:32:4fSigner

ab:13:9c:c9:5b:08:8c:1c:db:fd:f1:91:fc:6a:a4:4c:f7:f3:3d:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 575KB - Virtual size: 574KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 163KB - Virtual size: 162KB

Size: 66KB - Virtual size: 66KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

07:d3:d4:a5:50:04:d5:bc:8b:fa:05:23:6c:13:62:ae:59:a6:3b:8e:97:57:4e:7c:cd:49:11:72:1d:4f:32:4f
Signer

ab:13:9c:c9:5b:08:8c:1c:db:fd:f1:91:fc:6a:a4:4c:f7:f3:3d:aa
Signer

.text
Size: 575KB - Virtual size: 574KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 163KB - Virtual size: 162KB