NEAS[.]08977bafb47cfbcbb644ca2df4936f00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.08977bafb47cfbcbb644ca2df4936f00_JC.exe
Size

707KB
MD5

08977bafb47cfbcbb644ca2df4936f00
SHA1

5128eb80fd48686855b315ad5fd8debf23e47d70
SHA256

1f29b2febf6705a8451ae9f9a0b7f0b5a6b820e68f15648c32d1b5d7a110e7cb
SHA512

0b859ac36de947d8ab7d04158d75b5222359300091ce15cd22c2d0b7a17f898792190d53affe5c03f70102d91b8a787fbe6a33b7ccf5b6d0486f7abb56fc7e09
SSDEEP

12288:PFLEyptnuLp0ZeHsC9va7TZ3t0YJ8Q8h/LeIzj0rjR+DxRMHOJoCH/zO96/fRRrE:PFMpLCBCe4j2NHO2CLnXZfVw

Score

1^/10

Malware Config

Signatures

Files

NEAS.08977bafb47cfbcbb644ca2df4936f00_JC.exe
.exe windows:5 windows x86

daf854fb70eb1cd645cd72066f7160fb

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c4:01:7b:1b:bd:dc:18:b6:4e:19:fc:71:dc:12:db
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2019, 00:00

Not After

02/02/2022, 12:00

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase(Hangzhou) Network Co. Ltd.,OU=Game Dept.,O=NetEase(Hangzhou) Network Co. Ltd.,L=Hangzhou,ST=Zhejiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:58:e9:7f:63:12:47:3d:5a:c5:99:c0:78:78:ef:73:b5:ef:f4:36:4c:69:7d:46:d5:23:f1:02:79:25:2f:42
Signer

Actual PE Digest

fb:58:e9:7f:63:12:47:3d:5a:c5:99:c0:78:78:ef:73:b5:ef:f4:36:4c:69:7d:46:d5:23:f1:02:79:25:2f:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getaddrinfo
freeaddrinfo
WSASetLastError
getpeername
sendto
bind
ntohs
getsockname
ioctlsocket
connect
WSAStartup
inet_addr
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv
socket
accept
listen
__WSAFDIsSet
gethostname
getsockopt
closesocket
gethostbyname
recvfrom
send

wldap32

ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord22

normaliz

IdnToAscii

iphlpapi

GetAdaptersInfo

kernel32

GetStringTypeW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
CreateFileA
GetFullPathNameA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapCreate
HeapSetInformation
DecodePointer
IsProcessorFeaturePresent
GetDriveTypeW
EncodePointer
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLocalTime
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
SetPriorityClass
CreateThread
Sleep
WaitForSingleObject
TerminateThread
LoadLibraryA
GetVersionExA
FreeLibrary
SleepEx
GetLastError
SetLastError
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
FormatMessageA
GetProcessHeap
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetEndOfFile
UnhandledExceptionFilter
TerminateProcess
RaiseException
ExitThread
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexA
GetFileSizeEx
SetFilePointer
GetSystemTimeAsFileTime
ReleaseMutex
WriteFile
FlushFileBuffers
OutputDebugStringW
lstrlenW
GetFileSize
FindClose
GetFileAttributesW
CreateDirectoryW
ExitProcess
CreateEventW
SetEvent
GetCommandLineW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetNamedPipeHandleStateW
SetNamedPipeHandleState
ConnectNamedPipe
HeapFree
HeapAlloc
HeapReAlloc

advapi32

RegSetValueExA
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

p2p_layer

P2PSetDelayMode
P2PLayerDestroy
P2PPushNewVpAddress
P2PLayerCreate
P2PGetFrame
P2PGetFrameBufLen

winmm

timeGetTime

user32

PostMessageW
RegisterClassExW
DefWindowProcW
GetPropW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
SetPropW
CreateWindowExW
LoadCursorW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daf854fb70eb1cd645cd72066f7160fb

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

09:c4:01:7b:1b:bd:dc:18:b6:4e:19:fc:71:dc:12:dbCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fb:58:e9:7f:63:12:47:3d:5a:c5:99:c0:78:78:ef:73:b5:ef:f4:36:4c:69:7d:46:d5:23:f1:02:79:25:2f:42Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

normaliz

iphlpapi

kernel32

advapi32

p2p_layer

winmm

user32

shell32

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 55KB

.rsrc Size: 157KB - Virtual size: 156KB

.reloc Size: 26KB - Virtual size: 25KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

09:c4:01:7b:1b:bd:dc:18:b6:4e:19:fc:71:dc:12:db
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fb:58:e9:7f:63:12:47:3d:5a:c5:99:c0:78:78:ef:73:b5:ef:f4:36:4c:69:7d:46:d5:23:f1:02:79:25:2f:42
Signer

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 55KB

.rsrc
Size: 157KB - Virtual size: 156KB

.reloc
Size: 26KB - Virtual size: 25KB