NEAS[.]NEASNEASa7cf48b6108e96096026425b964905f2035427c2af97fca0618d5947515f25b2exeexeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.NEASNEASa7cf48b6108e96096026425b964905f2035427c2af97fca0618d5947515f25b2exeexeexe_JC.exe
Size

5.2MB
MD5

7267c31ceaa3b35c96494360402a4788
SHA1

2257b7652462a7fcbba2e26383e0839b01c6b1cd
SHA256

a7cf48b6108e96096026425b964905f2035427c2af97fca0618d5947515f25b2
SHA512

e31569c8ad0f630e5b22938bb63c622c2fe7feeb40758e396f8d6d4059d8c444f1592d00dcf4a9b371adfc6a0b5b09744a8c86c50c63643c68afb438121c93b3
SSDEEP

98304:Yh0Af9saCDQeXNGUY1WpI1Hgj0hA7cQcPnkWDq0vH6ddW6TktuFfp39sqfMXGqh0:iV0DQKcLQcPnkWDq0vH6ddW6TktuFfpD

Score

1^/10

Malware Config

Signatures

Files

NEAS.NEASNEASa7cf48b6108e96096026425b964905f2035427c2af97fca0618d5947515f25b2exeexeexe_JC.exe
.exe windows:6 windows x64

ece4846704febbd2176fd563dfd00581

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/03/2021, 00:00

Not After

05/06/2024, 23:59

Subject

CN=Micro-Star International CO.\, LTD.,O=Micro-Star International CO.\, LTD.,L=Zhonghe District,ST=New Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bc:12:8c:a3:92:42:d0:1b:fe:f2:2e:04:ff:d3:2d:8a:34:57:5a:3d
Signer

Actual PE Digest

bc:12:8c:a3:92:42:d0:1b:fe:f2:2e:04:ff:d3:2d:8a:34:57:5a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
NtCancelIoFileEx
RtlVirtualUnwind
NtReadFile
NtWriteFile
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlPcToFileHeader

kernel32

CreateEventW
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
GetSystemInfo
GetComputerNameExW
QueryPerformanceCounter
QueryPerformanceFrequency
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapReAlloc
SwitchToThread
GetConsoleOutputCP
GetStringTypeW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
FindClose
GetLastError
DeleteFileW
FindNextFileW
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFileType
PostQueuedCompletionStatus
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
FindFirstFileExW
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
TlsGetValue
FormatMessageW
MoveFileExW
LockFileEx
UnlockFile
Sleep
FlsGetValue
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
MultiByteToWideChar
TlsSetValue
SetLastError
GetEnvironmentVariableW
GetTempPathW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
GetModuleHandleW
CreateDirectoryW
FindFirstFileW
FlsAlloc
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
CreateThread
SleepEx
WriteFileEx
ReadFileEx
CancelIo
ReadFile
GetSystemTimeAsFileTime
SetFileInformationByHandle
CopyFileExW
SetHandleInformation
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
TlsFree
LoadLibraryExW
FreeLibrary
GetNativeSystemInfo
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LocalFree
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
WriteConsoleW
CreateNamedPipeW
ExitThread
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
RaiseException

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CryptUnprotectData
CertAddCertificateContextToStore
CertCloseStore

secur32

GetUserNameExW
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
ApplyControlToken
AcceptSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage

advapi32

CredFree
GetUserNameW
SystemFunction036
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
CredEnumerateA

ws2_32

WSAIoctl
ioctlsocket
WSASocketW
connect
getsockopt
shutdown
getaddrinfo
freeaddrinfo
WSAStartup
setsockopt
WSACleanup
recv
closesocket
send
getsockname
WSAGetLastError
getpeername
WSASend
bind

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ece4846704febbd2176fd563dfd00581

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75Certificate

Extended Key Usages

Key Usages

bc:12:8c:a3:92:42:d0:1b:fe:f2:2e:04:ff:d3:2d:8a:34:57:5a:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

bcrypt

crypt32

secur32

advapi32

ws2_32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 27KB - Virtual size: 32KB

.pdata Size: 88KB - Virtual size: 88KB

_RDATA Size: 512B - Virtual size: 244B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

bc:12:8c:a3:92:42:d0:1b:fe:f2:2e:04:ff:d3:2d:8a:34:57:5a:3d
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 27KB - Virtual size: 32KB

.pdata
Size: 88KB - Virtual size: 88KB

_RDATA
Size: 512B - Virtual size: 244B