NEAS[.]13973535599654d5834af18a4ed60b80_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.13973535599654d5834af18a4ed60b80_JC.exe
Size

4.4MB
MD5

13973535599654d5834af18a4ed60b80
SHA1

7ff86807c1ab5200e4dfe5b75d5224072e84c5b6
SHA256

25480b91cadfebdc5c370a5ad0a9bb9e5888019839c8d3b88c7daa657a99fa90
SHA512

229a192a9fadaa0525de1715106c22bfd993531bbb3ccecd3a022e8fd057012f2ceff9a24fbd18709820d4554087eaf365ec42a738418487d5a962243513efcd
SSDEEP

98304:lBX3usHk1vuHivvOvT2qEg5hw31A39wCC:SsHk1vyi3m2q154A3i

Score

1^/10

Malware Config

Signatures

Files

NEAS.13973535599654d5834af18a4ed60b80_JC.exe
.exe windows:4 windows x86

8c629ea890b0851eab34d3de69c199f8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:a9:5f:a5:a3:e2:f5:db:b6:95:f7:b1:18:3f:31:af
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/07/2009, 00:00

Not After

02/09/2011, 23:59

Subject

CN=Hyperionics Technology\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Hyperionics Technology\, LLC,L=Murrysville,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:09:72:91:98:a0:b0:72:64:45:ab:b7:4a:ff:7b:13:66:5a:10:a6
Signer

Actual PE Digest

74:09:72:91:98:a0:b0:72:64:45:ab:b7:4a:ff:7b:13:66:5a:10:a6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

ltfil10n

ord105
ord100
ord112
ord109
ord104
ord101
ord106

ltimg10n

ord117
ord105
ord103
ord104
ord106
ord112
ord127
ord125
ord119
ord111
ord122
ord126

ltkrn10n

ord133
ord110
ord108
ord106
ord151
ord197
ord115
ord125
ord128
ord136
ord100
ord132
ord139
ord141
ord124
ord144
ord146
ord145
ord150

lttwn10n

ord103
ord101
ord100

ltdis10n

ord139
ord131
ord122

ltdlg10n

ord104
ord101
ord107

ltefx10n

ord102

kernel32

LocalReAlloc
FileTimeToSystemTime
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetErrorMode
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
GetDriveTypeA
ExitThread
CreateThread
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetStdHandle
HeapSize
IsValidCodePage
VirtualFree
SetHandleCount
GetStdHandle
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
SizeofResource
LockResource
ReleaseMutex
LoadResource
FindResourceA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
CreateProcessA
WaitForSingleObject
CompareFileTime
Sleep
GetFullPathNameA
DeleteFileA
GetModuleHandleA
FindFirstFileA
FindNextFileA
MultiByteToWideChar
FindClose
CreateFileA
GetFileTime
CloseHandle
GetEnvironmentVariableA
GetLastError
GetComputerNameA
GetDateFormatA
GetTimeFormatA
Beep
SetCurrentDirectoryA
GetComputerNameW
GetDateFormatW
GetTimeFormatW
GetTempFileNameA
MulDiv
GetCurrentThreadId
GetWindowsDirectoryA
GlobalSize
lstrcpyA
GetTickCount
CopyFileA
GetCurrentDirectoryA
lstrlenA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetThreadTimes
VirtualLock
VirtualUnlock
PurgeComm
SetCommTimeouts
GetCommTimeouts
GetCommProperties
SetCommState
BuildCommDCBA
GetCommState
GetProcessWorkingSetSize
GetProcessTimes
GlobalMemoryStatus
DeviceIoControl
CreateMutexA
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GetDiskFreeSpaceA
SetFileTime
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetProfileIntA
VirtualProtect
SuspendThread
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetLocaleInfoA
SetThreadPriority
SearchPathA
InterlockedDecrement
FlushInstructionCache
GetSystemInfo
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetEnvironmentVariableA
SetFileAttributesA
GetCurrentProcessId
SystemTimeToFileTime
FormatMessageA
LoadLibraryExA
lstrcmpA
GlobalHandle
HeapDestroy
GetFileAttributesA
HeapCreate
HeapFree
GetProcessHeap
HeapAlloc
FreeResource
WriteFile
GetFileSize
FlushFileBuffers
GetFileType
SetFilePointer
ReadFile
CreateEventA
WaitForMultipleObjects
ResumeThread
ResetEvent
SetEvent
GetLocalTime
QueryPerformanceCounter
IsBadReadPtr
IsBadWritePtr
GetACP
WinExec
MapViewOfFile
CreateFileMappingA
OpenProcess
GetCurrentProcess
GlobalReAlloc
OutputDebugStringA
TlsAlloc
InitializeCriticalSection
TlsFree
DeleteCriticalSection
TlsGetValue
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
RaiseException
LocalFree
LocalAlloc
UnmapViewOfFile
MoveFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
CreateDirectoryA
SetLastError
GetModuleFileNameW
GetVersionExA
CompareStringA
GetVersion
lstrcmpiA
InterlockedExchange
lstrlenW
CompareStringW
GetStringTypeExA

user32

IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
RemoveMenu
SendDlgItemMessageA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetMessageTime
ScrollWindow
RegisterClassA
AdjustWindowRectEx
SetScrollInfo
SetWindowPlacement
TranslateAcceleratorA
SendNotifyMessageA
SubtractRect
GetDoubleClickTime
GetScrollRange
CopyIcon
ShowScrollBar
IsCharLowerA
GetLastActivePopup
GetMenuDefaultItem
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenu
GetScrollPos
EnableScrollBar
GetNextDlgTabItem
GetMenuItemInfoA
SetClassLongA
SetMenu
CharUpperBuffA
LockWindowUpdate
CheckMenuItem
GetSysColorBrush
ToAsciiEx
LoadAcceleratorsA
DestroyAcceleratorTable
CreateAcceleratorTableA
GetCaretPos
CopyImage
GetNextDlgGroupItem
GetSystemMetrics
DestroyWindow
GetClassLongA
DrawStateA
LoadBitmapA
SetWindowRgn
GetMenuState
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetWindowPlacement
GetWindowRgn
BringWindowToTop
EnumWindows
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetUpdateRect
MapVirtualKeyA
CopyAcceleratorTableA
SetRectEmpty
DrawEdge
DrawFrameControl
GetMessagePos
SetCapture
IsDialogMessageA
AttachThreadInput
LoadCursorFromFileA
DestroyCursor
GetWindowDC
GetPriorityClipboardFormat
PostThreadMessageA
GetWindowThreadProcessId
MapWindowPoints
GetIconInfo
MoveWindow
IsZoomed
DrawIcon
SetWindowPos
SwapMouseButton
ChildWindowFromPointEx
ValidateRect
EndPaint
BeginPaint
UnionRect
ReleaseCapture
PostQuitMessage
SetActiveWindow
GetScrollInfo
EnumChildWindows
SetParent
GetWindowTextA
GetWindow
GetTopWindow
EqualRect
IsRectEmpty
DestroyIcon
DestroyMenu
CharUpperA
IsWindowEnabled
SetScrollPos
SetScrollRange
SetWindowTextW
GetWindowTextW
GetActiveWindow
TrackPopupMenuEx
WindowFromDC
GetFocus
DefWindowProcA
GetClipboardOwner
SetWindowsHookExA
GetClassInfoA
RegisterWindowMessageA
GetMenuItemID
GetWindowLongA
RedrawWindow
WaitMessage
GetParent
WindowFromPoint
GetClassNameA
IsClipboardFormatAvailable
ClientToScreen
keybd_event
SetKeyboardState
GetClipboardData
GetSubMenu
GetKeyboardState
SetTimer
mouse_event
IsChild
SetWindowTextA
EndDialog
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
InsertMenuItemA
ReuseDDElParam
UnpackDDElParam
MapDialogRect
ShowOwnedPopups
GetDCEx
GetKeyState
UnhookWindowsHookEx
SetCursorPos
CreatePopupMenu
DeleteMenu
GetCapture
wsprintfA
SetFocus
IsMenu
GetCursorPos
TrackPopupMenu
CallNextHookEx
ShowWindow
CreateMenu
UnregisterClassA
CharNextA
InvalidateRgn
GetTabbedTextExtentA
GetCursor
GetClipboardViewer
GetInputState
GetOpenClipboardWindow
GetProcessWindowStation
GetQueueStatus
ModifyMenuA
GetMenuStringA
ShowCursor
GetMenuItemCount
SetMenuDefaultItem
KillTimer
EnableMenuItem
AppendMenuA
LoadIconA
LoadMenuA
DispatchMessageA
TranslateMessage
IntersectRect
GetMessageA
PeekMessageA
DrawTextW
SetRect
FindWindowA
GetAncestor
GetAsyncKeyState
UpdateWindow
SetForegroundWindow
MessageBoxA
GetSysColor
WinHelpA
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
LoadImageA
InsertMenuA
GetSystemMenu
OffsetRect
SystemParametersInfoA
IsWindowVisible
CloseClipboard
SetClipboardData
DrawIconEx
EmptyClipboard
OpenClipboard
InflateRect
PtInRect
IsWindow
GetClientRect
ScreenToClient
RegisterClipboardFormatA
GetForegroundWindow
SetWindowLongA
GetDlgItem
MessageBeep
CallWindowProcA
GetDlgCtrlID
GetWindowRect
RegisterHotKey
UnregisterHotKey
ReleaseDC
GetDC
GetDesktopWindow
FillRect
LoadCursorA
SetCursor
DrawFocusRect
FrameRect
DrawTextA
SetWindowContextHelpId
CopyRect
IsIconic
PostMessageA
SendMessageA
InvalidateRect
EnableWindow
CreateIconIndirect

gdi32

OffsetRgn
PtInRegion
CreatePolygonRgn
CreateCompatibleDC
ExtTextOutA
SelectPalette
BitBlt
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
EqualRgn
FrameRgn
StretchBlt
GetPixel
PatBlt
OffsetClipRgn
SetWindowOrgEx
GetDIBits
GdiFlush
GetMapMode
CreateBitmap
CreateDIBitmap
CreateDIBSection
GetSystemPaletteEntries
SetPixelV
GetSystemPaletteUse
GetDIBColorTable
SetDIBits
SetDIBColorTable
Polygon
ExtFloodFill
SetPixel
GetEnhMetaFileHeader
SetSystemPaletteUse
GetNearestPaletteIndex
ResizePalette
CreateHatchBrush
CreateBitmapIndirect
UnrealizeObject
ExtCreatePen
GetBkColor
CreateRectRgnIndirect
CreateRoundRectRgn
SetRectRgn
GetObjectType
CreatePatternBrush
GetTextCharsetInfo
GetTextColor
CreateEllipticRgn
Polyline
PtVisible
RectVisible
TextOutA
GetClipBox
LPtoDP
SetWindowExtEx
SetViewportExtEx
Escape
SetPaletteEntries
GetRgnBox
StartDocA
StartPage
EndPage
EndDoc
AbortDoc
EnumFontFamiliesExA
GetDCOrgEx
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
OffsetWindowOrgEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CopyMetaFileA
SetAbortProc
GetCharWidthA
GetViewportOrgEx
GetWindowOrgEx
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
RoundRect
Ellipse
CreatePalette
CreateHalftonePalette
GetTextExtentPointA
GetEnhMetaFilePaletteEntries
DeleteMetaFile
GetMetaFileBitsEx
GetMetaFileA
GetEnhMetaFileA
SetWinMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileA
PlayEnhMetaFile
DeleteEnhMetaFile
EnumFontFamiliesA
GetTextMetricsA
SetBkColor
CreateSolidBrush
DeleteObject
GetStockObject
SetTextColor
GetDeviceCaps
RealizePalette
CreateFontIndirectA
CreatePen
CreateDCA
DeleteDC
StretchDIBits
DPtoLP
SetMapMode
SelectObject
Rectangle
GetPaletteEntries
SelectClipRgn
FillRgn
GetWindowExtEx
SetStretchBltMode
GetViewportExtEx
SetBrushOrgEx
GetBoundsRect
GetTextExtentPoint32A
GetObjectA

comdlg32

GetFileTitleA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
GetPrinterA
OpenPrinterA
GetJobA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegSetValueA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyA
GetUserNameW
GetUserNameA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA

shell32

SHAppBarMessage
ShellExecuteA
SHGetPathFromIDListA
DragAcceptFiles
SHGetMalloc
DragQueryFileA
DragFinish
ExtractIconA
SHGetFileInfoA
SHChangeNotify
SHBrowseForFolderA
SHFileOperationA
SHGetSpecialFolderLocation
Shell_NotifyIconA

comctl32

ord17
ImageList_Create
ImageList_Add
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoGetClassObject
CoDisconnectObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDuplicateData
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
ReleaseStgMedium
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries

oleaut32

SafeArrayDestroy
RegisterTypeLi
SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen
VariantChangeType
VariantClear
SystemTimeToVariantTime
VarUdateFromDate
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect
LoadTypeLi
VariantTimeToSystemTime

msvfw32

DrawDibRealize
DrawDibSetPalette
DrawDibOpen
DrawDibClose
DrawDibDraw

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

HS6Callback

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 688KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MY_DATA1
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c629ea890b0851eab34d3de69c199f8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

09:a9:5f:a5:a3:e2:f5:db:b6:95:f7:b1:18:3f:31:afCertificate

Extended Key Usages

Key Usages

74:09:72:91:98:a0:b0:72:64:45:ab:b7:4a:ff:7b:13:66:5a:10:a6Signer

Headers

File Characteristics

Imports

winmm

ltfil10n

ltimg10n

ltkrn10n

lttwn10n

ltdis10n

ltdlg10n

ltefx10n

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

msvfw32

version

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 688KB - Virtual size: 684KB

.data Size: 108KB - Virtual size: 281KB

MY_DATA1 Size: 4KB - Virtual size: 252B

.rsrc Size: 32KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

09:a9:5f:a5:a3:e2:f5:db:b6:95:f7:b1:18:3f:31:af
Certificate

74:09:72:91:98:a0:b0:72:64:45:ab:b7:4a:ff:7b:13:66:5a:10:a6
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 688KB - Virtual size: 684KB

.data
Size: 108KB - Virtual size: 281KB

MY_DATA1
Size: 4KB - Virtual size: 252B

.rsrc
Size: 32KB - Virtual size: 31KB