NEAS[.]c37a9f1e525dd6595cb5dc7f9dfd8500_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c37a9f1e525dd6595cb5dc7f9dfd8500_JC.exe
Size

1.3MB
MD5

c37a9f1e525dd6595cb5dc7f9dfd8500
SHA1

df401353a3def2edbaaf5dec37787c2cbf8964ac
SHA256

f82b7334f2b4706391081d5f47d02b53e1662a29061093351bee9521ec2a73ea
SHA512

276b3af7724a719007ae73e065292a4d7a7938dfccd6b353c99a46c35c9b7bdc60a0c785092d586c2208fd96d84efab53ffa7c8e0ca2d6ddca689dd168a8f855
SSDEEP

24576:2cFWCWm594cWRSHA6rm8kmvRCkrlJoUoxtD4lee:2Bq59OiH5CkJezJYee

Score

1^/10

Malware Config

Signatures

Files

NEAS.c37a9f1e525dd6595cb5dc7f9dfd8500_JC.exe
.exe windows:4 windows x86

47831363c448ab7d7b12d358c6221e94

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:f0:54:d2:32:b8:99:fb:26:6a:30:3b:e0:fa:11:63:47:85:40:60
Signer

Actual PE Digest

9f:f0:54:d2:32:b8:99:fb:26:6a:30:3b:e0:fa:11:63:47:85:40:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pack

UnpackPlain
PackInitialize
PackPlainFromDir
PackTerminate

zlib1

inflateReset
inflateEnd
inflateInit_
inflate

zip32z64

ZpInit
ZpArchive

kernel32

GetTimeFormatA
GetDateFormatA
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
CreateDirectoryA
ExitThread
GetCommandLineA
GetStartupInfoA
SetConsoleCtrlHandler
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
SetHandleCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetErrorMode
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
DuplicateHandle
GetThreadLocale
UnlockFile
LockFile
FlushFileBuffers
WriteFile
MoveFileA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcmpA
GetCurrentProcessId
InterlockedIncrement
RaiseException
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
LocalFree
MulDiv
lstrcpynA
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
SetVolumeLabelA
GetFileTime
DosDateTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadFile
GetStdHandle
GetConsoleScreenBufferInfo
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
GetDriveTypeA
SetFileTime
SetFilePointer
SetEndOfFile
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
GetACP
WritePrivateProfileStringA
GetModuleFileNameA
WaitForSingleObject
RemoveDirectoryA
FindNextFileA
CreateFileA
GetFileSize
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempPathA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetSystemTime
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
CreateSemaphoreA
CreateThread
TerminateThread
CloseHandle
GetPrivateProfileStringA
GetPrivateProfileIntA
DeleteFileA
CopyFileA
GetTickCount
Sleep
GetVersionExA
lstrlenW
FreeLibrary
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
SetEnvironmentVariableW
HeapSize
CreateFileW

user32

RegisterClipboardFormatA
UnregisterClassA
SetWindowContextHelpId
MapDialogRect
ValidateRect
GetWindowThreadProcessId
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
DestroyMenu
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDlgButtonChecked
SetDlgItemTextA
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
ScrollWindow
TrackPopupMenu
GetKeyState
GetScrollRange
SetScrollPos
GetScrollPos
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
CopyRect
SetScrollInfo
DefWindowProcA
EndPaint
BeginPaint
GetMenuState
MessageBeep
CharToOemA
OemToCharA
GetMessageA
LockWindowUpdate
UpdateWindow
GetActiveWindow
TrackPopupMenuEx
SetWindowRgn
SetWindowLongA
CallWindowProcA
SetCursor
FillRect
SendMessageA
ClientToScreen
ScreenToClient
ChildWindowFromPoint
ReleaseCapture
DrawIconEx
ShowCursor
TrackMouseEvent
WindowFromPoint
MapWindowPoints
GetSysColorBrush
CreateIconIndirect
GetIconInfo
DestroyIcon
LoadImageA
GetWindowDC
GetWindowTextA
GetWindowLongA
IsZoomed
GetCursorPos
ReleaseDC
GetDC
InflateRect
PeekMessageA
DispatchMessageA
IsDialogMessageA
TranslateMessage
CharUpperA
GetPropA
ShowWindow
GetLastActivePopup
GetClassInfoA
GetWindowPlacement
SetCursorPos
SetWindowPos
BringWindowToTop
GetMenu
SetForegroundWindow
IsWindowVisible
GetMenuItemID
GetMenuItemCount
GetWindow
GetClassNameA
SetPropA
PostQuitMessage
GetNextDlgGroupItem
PostThreadMessageA
GetMessagePos
RemovePropA
LoadIconA
GetDesktopWindow
KillTimer
SetTimer
IsIconic
GetSystemMenu
DrawIcon
EnableMenuItem
AppendMenuA
CreatePopupMenu
GetCursor
SetCapture
GetSysColor
GetDlgCtrlID
GetSystemMetrics
LoadCursorA
RegisterWindowMessageA
PtInRect
OffsetRect
EqualRect
GetSubMenu
LoadMenuA
PostMessageA
GetWindowRect
GetClientRect
InvalidateRect
GetFocus
GetParent
EnableWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SetFocus
GetScrollInfo
SystemParametersInfoA
IsWindow
SetRect
IntersectRect
DrawFocusRect
CharNextA

gdi32

GetRgnBox
GetBkColor
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
ExtTextOutA
TextOutA
RectVisible
PtVisible
StretchBlt
GetTextColor
GetStockObject
BitBlt
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleBitmap
SetROP2
RestoreDC
SaveDC
GetDeviceCaps
CreateDIBSection
CreateICA
ExtCreateRegion
GetTextExtentPoint32A
GetDIBits
SetDIBits
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
CreateRectRgn
CombineRgn
OffsetRgn
GetMapMode
SetMapMode
CreateBitmap
GetPixel
SetBkColor
SetTextColor
DeleteObject
DeleteDC
SetBoundsRect
GetObjectA
GetTextMetricsA
CreateFontA
CreatePen
Rectangle
SelectObject
Escape

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetSecurityDescriptorSacl
RegOpenKeyExA
StartServiceA
QueryServiceStatusEx
ChangeServiceConfigA
QueryServiceConfigA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegEnumKeyExA
OpenProcessToken
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
GetSecurityDescriptorControl
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
RegEnumValueA
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA

comctl32

FlatSB_SetScrollProp
FlatSB_ShowScrollBar
FlatSB_EnableScrollBar
InitializeFlatSB
FlatSB_SetScrollPos
FlatSB_GetScrollInfo
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollRange
_TrackMouseEvent
InitCommonControlsEx

shlwapi

UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
StrToIntA

oledlg

ord8

ole32

CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize

oleaut32

VariantCopy
VariantChangeType
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
DispCallFunc
LoadRegTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
OleCreateFontIndirect
LoadTypeLi
VariantClear

gdiplus

GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipImageRotateFlip
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipDrawImageRectRect
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipSetImageAttributesColorMatrix
GdipGetImageEncoders
GdipLoadImageFromFile
GdipAlloc

ws2_32

inet_ntoa
WSAStartup
ntohs
WSACleanup
getpeername
recv
send
accept
connect
listen
htons
bind
setsockopt
closesocket
socket
ioctlsocket
inet_addr
select
WSAGetLastError
__WSAFDIsSet
htonl

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetConnectA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
HttpOpenRequestA
InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA

Sections

.text
Size: 992KB - Virtual size: 988KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 869KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47831363c448ab7d7b12d358c6221e94

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:daCertificate

Extended Key Usages

Key Usages

9f:f0:54:d2:32:b8:99:fb:26:6a:30:3b:e0:fa:11:63:47:85:40:60Signer

Headers

File Characteristics

Imports

pack

zlib1

zip32z64

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

ws2_32

version

wininet

Sections

.text Size: 992KB - Virtual size: 988KB

.rdata Size: 240KB - Virtual size: 237KB

.data Size: 20KB - Virtual size: 869KB

.rsrc Size: 44KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

9f:f0:54:d2:32:b8:99:fb:26:6a:30:3b:e0:fa:11:63:47:85:40:60
Signer

.text
Size: 992KB - Virtual size: 988KB

.rdata
Size: 240KB - Virtual size: 237KB

.data
Size: 20KB - Virtual size: 869KB

.rsrc
Size: 44KB - Virtual size: 42KB