NEAS[.]3f55648238129160d18bc218d8345db0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3f55648238129160d18bc218d8345db0_JC.exe
Size

3.0MB
MD5

3f55648238129160d18bc218d8345db0
SHA1

c1f94b6f7ba98de1a951b1a231cf18b4553734ba
SHA256

bfdb6a8dd097c4f6e95fedc2160820c2028b8dfe31893620e63896a35f5232f5
SHA512

0c85335890a08df6a9b15e5cb339d8936e75477c07df6e0da645970a04c60efda1d56f14fe68d0bfdcaa9cfc74d81dd672d774102b7b46c2076fb8e630c079e2
SSDEEP

49152:X42sYLZ7QWEzG2duav4NwnxzXgPTON2aUnwJit8AN7kumm4N:bxQWE9v4N4xzXgW8tms7G

Score

1^/10

Malware Config

Signatures

Files

NEAS.3f55648238129160d18bc218d8345db0_JC.exe
.dll regsvr32 windows:5 windows x86

6dd82ba53a57874af6e30680a98d281a

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/06/2016, 00:00

Not After

15/06/2017, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:c2:8a:08:63:83:75:90:71:b0:e8:15:7f:8c:17:e2:bb:c2:db:40:ac:9e:eb:b9:47:18:9b:5d:25:0d:ab:a9
Signer

Actual PE Digest

3e:c2:8a:08:63:83:75:90:71:b0:e8:15:7f:8c:17:e2:bb:c2:db:40:ac:9e:eb:b9:47:18:9b:5d:25:0d:ab:a9

Digest Algorithm

sha256

PE Digest Matches

true

8c:68:6c:ee:a8:34:1a:15:15:43:49:ad:0d:3c:36:02:84:56:4d:13
Signer

Actual PE Digest

8c:68:6c:ee:a8:34:1a:15:15:43:49:ad:0d:3c:36:02:84:56:4d:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

AlphaBlend

imm32

ImmDisableIME
ImmUnlockIMCC
ImmLockIMC
ImmGenerateMessage
ImmGetIMCCSize
ImmSetConversionStatus
ImmCreateIMCC
ImmLockIMCC
ImmGetConversionStatus
ImmReSizeIMCC
ImmCreateSoftKeyboard
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmUnlockIMC

oleacc

AccessibleChildren
AccessibleObjectFromWindow

kernel32

Sleep
ResetEvent
VirtualQuery
GetSystemInfo
GetModuleHandleW
ExpandEnvironmentStringsW
RemoveDirectoryW
LocalFree
DeviceIoControl
SetLastError
GetCurrentProcess
FileTimeToDosDateTime
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
GetFileType
CreateFileMappingW
FindNextFileW
DuplicateHandle
GetFileInformationByHandle
GetSystemTime
DosDateTimeToFileTime
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
ExitProcess
ResumeThread
LoadLibraryExW
GetACP
SetEndOfFile
GetFileTime
CreateMutexW
OpenMutexW
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
GetVersionExW
OpenFileMappingW
GetLongPathNameW
GetFileAttributesExW
CreateProcessW
FindClose
lstrcmpiW
GetEnvironmentVariableW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CopyFileW
GetTempPathW
MoveFileW
OpenProcess
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
GetFileSizeEx
FormatMessageW
GlobalMemoryStatusEx
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
InitializeCriticalSection
FindFirstFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
OpenEventW
WaitForMultipleObjects
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ExitThread
CreateThread
RtlUnwind
GetCPInfo
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
GetSystemDirectoryW
SetEvent
WaitForSingleObject
QueryPerformanceCounter
InterlockedExchangeAdd
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryW
FreeLibrary
MulDiv
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetLastError
LCMapStringW
GetLocalTime
MultiByteToWideChar
lstrcpyW
DecodePointer
LockResource
RaiseException
CreateFileW
ReadFile
SizeofResource
LoadResource
FindResourceW
GetFileSize
GetFileAttributesW
lstrlenW
WideCharToMultiByte
GetExitCodeProcess

user32

TranslateMessage
GetCapture
WaitMessage
EqualRect
MonitorFromRect
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
DrawIconEx
PeekMessageW
DispatchMessageW
RemovePropW
IsMenu
DeleteMenu
IsWindowEnabled
SetFocus
GetUpdateRect
InflateRect
IntersectRect
AppendMenuW
CreatePopupMenu
InsertMenuW
UpdateWindow
DestroyMenu
SetMenuItemInfoW
SetRectEmpty
IsRectEmpty
FillRect
MonitorFromPoint
GetMonitorInfoW
CopyRect
LoadKeyboardLayoutW
ActivateKeyboardLayout
LoadStringW
IsIconic
GetParent
WindowFromPoint
GetDesktopWindow
GetKeyboardLayoutList
DrawTextW
GetFocus
GetAncestor
GetWindowTextW
GetClassNameW
LoadImageW
KillTimer
DefWindowProcW
RegisterClassExW
GetClassInfoExW
GetKeyState
PostMessageW
UnregisterClassW
GetDC
GetAsyncKeyState
SetCursorPos
ReleaseDC
IsWindowVisible
MoveWindow
SetCursor
GetMenuItemID
GetSubMenu
LoadCursorW
GetMenuStringW
GetMenuItemInfoW
ModifyMenuW
GetForegroundWindow
LoadIconW
LoadMenuW
EnableMenuItem
MessageBoxW
CheckMenuItem
ClientToScreen
keybd_event
CloseClipboard
SendInput
GetKeyboardState
GetGUIThreadInfo
SystemParametersInfoW
EmptyClipboard
OpenClipboard
SetClipboardData
ToUnicodeEx
SetCapture
TrackMouseEvent
FindWindowW
ReleaseCapture
GetSystemMetrics
EndPaint
DestroyWindow
UpdateLayeredWindow
SetTimer
ScreenToClient
GetWindowRect
GetClientRect
BeginPaint
PtInRect
SetRect
InvalidateRect
SetWindowLongW
SetWindowPos
GetCursorPos
ShowWindow
WindowFromDC
IsWindow
CreateWindowExW
SendMessageW
GetWindowLongW
FindWindowExW
GetActiveWindow
GetWindowThreadProcessId
GetMenuItemCount

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetTextExtentPointW
CreatePen
ExtCreatePen
MoveToEx
LineTo
SelectClipRgn
CreateRectRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
SetBkMode
GetObjectW
EnumFontFamiliesW
DeleteDC
GetTextMetricsW
GetStockObject
GetBitmapBits
BitBlt
SetTextColor
SelectObject
CreateCompatibleDC
CreateDIBSection

advapi32

RegEnumKeyExW
GetAce
SetNamedSecurityInfoW
LookupAccountNameW
GetFileSecurityW
EqualSid
GetAclInformation
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetSecurityDescriptorDacl
SetEntriesInAclW
RegCloseKey
GetNamedSecurityInfoW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
RevokeDragDrop
RegisterDragDrop

oleaut32

SysAllocString
SysFreeString
VariantClear

iphlpapi

GetAdaptersAddresses

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
UIWindowProcedure

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dd82ba53a57874af6e30680a98d281a

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

3e:c2:8a:08:63:83:75:90:71:b0:e8:15:7f:8c:17:e2:bb:c2:db:40:ac:9e:eb:b9:47:18:9b:5d:25:0d:ab:a9Signer

8c:68:6c:ee:a8:34:1a:15:15:43:49:ad:0d:3c:36:02:84:56:4d:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

msimg32

imm32

oleacc

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 567KB - Virtual size: 567KB

.data Size: 38KB - Virtual size: 50KB

.rsrc Size: 501KB - Virtual size: 500KB

.reloc Size: 83KB - Virtual size: 83KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

3e:c2:8a:08:63:83:75:90:71:b0:e8:15:7f:8c:17:e2:bb:c2:db:40:ac:9e:eb:b9:47:18:9b:5d:25:0d:ab:a9
Signer

8c:68:6c:ee:a8:34:1a:15:15:43:49:ad:0d:3c:36:02:84:56:4d:13
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 567KB - Virtual size: 567KB

.data
Size: 38KB - Virtual size: 50KB

.rsrc
Size: 501KB - Virtual size: 500KB

.reloc
Size: 83KB - Virtual size: 83KB