NEAS[.]411a08fae3225962315ddc2b289e6e44_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.411a08fae3225962315ddc2b289e6e44_JC.exe
Size

1.1MB
MD5

411a08fae3225962315ddc2b289e6e44
SHA1

7a65d7ad51a69bf1c1375cfd2cc7e99680d6408c
SHA256

9046e4659c58e3dadfeaebf12d2c8916aef99c23722edab1926f4ae0f5cb0f87
SHA512

63ea56f4b652fd58068d7676d7f86f5adefcc1cac859cff2bed534118b237730497fc69d47f7ba7b8f6e6f674943ae80331026ded114bd08e40da55d53225279
SSDEEP

24576:Z3MZ1z5SmBJ5cIlzAaUPGwXGnBvCELsEbtAY/vwlrmxe4dQ2phzLXqphrYmJdZeY:l5JJNewjUmJdUT1EefQNFv

Score

1^/10

Malware Config

Signatures

Files

NEAS.411a08fae3225962315ddc2b289e6e44_JC.exe
.exe windows:5 windows x86

dc483e4cf899829e866c5f87e01ec900

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2021 15:35

Not After

06-03-2032 15:35

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:e1:7b:4b:9b:9c:fb:f4:f9:90:31:e3:03:2c:78:e2:0d:e0:2e:99:47:0a:95:77:53:8f:5b:9f:1d:b1:b7:4d
Signer

Actual PE Digest

47:e1:7b:4b:9b:9c:fb:f4:f9:90:31:e3:03:2c:78:e2:0d:e0:2e:99:47:0a:95:77:53:8f:5b:9f:1d:b1:b7:4d

Digest Algorithm

sha256

PE Digest Matches

false

dc:75:83:1d:af:db:98:52:d8:df:66:c6:bc:56:51:40:ee:63:37:f7
Signer

Actual PE Digest

dc:75:83:1d:af:db:98:52:d8:df:66:c6:bc:56:51:40:ee:63:37:f7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
lstrcmpiW
GetFileAttributesExW
FreeResource
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
WTSGetActiveConsoleSessionId
GetTickCount
CreateProcessW
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GetModuleHandleA
GetModuleHandleExW
InterlockedIncrement
CreateDirectoryW
MoveFileW
CopyFileW
GetCommandLineW
GetLongPathNameW
QueueUserWorkItem
GlobalFree
LockFileEx
UnlockFileEx
InitializeCriticalSectionAndSpinCount
CreateEventA
GetLocalTime
GetEnvironmentVariableW
SetEnvironmentVariableW
RaiseException
GetCurrentDirectoryW
GlobalLock
GlobalUnlock
ReleaseSemaphore
CreateSemaphoreW
GetDiskFreeSpaceW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
SetLastError
ProcessIdToSessionId
lstrlenA
lstrcmpiA
lstrcmpA
LoadLibraryA
SetWaitableTimer
OpenEventA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
LoadLibraryExW
ReleaseMutex
CreateMutexW
GetCurrentProcessId
DeviceIoControl
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
SystemTimeToFileTime
GetSystemTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
ReadFile
GetFileSize
WritePrivateProfileStringW
GetDriveTypeW
GetModuleFileNameW
GetWindowsDirectoryW
GetPrivateProfileStringW
TerminateThread
CreateThread
ResetEvent
GetOverlappedResult
CreateFileW
OpenProcess
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
LoadLibraryW
InterlockedCompareExchange
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
WaitForMultipleObjects
WaitForSingleObject
UnlockFile
LockFile
GetVersion
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
lstrlenW
LocalFree
InterlockedDecrement
GetModuleHandleW
GetProcAddress
CloseHandle
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitProcess
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
GetVolumeInformationW
DuplicateHandle
CreateSemaphoreA
CancelIo
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExW
CreateEventW
InterlockedExchange
FindClose
FreeLibrary
CreateWaitableTimerA

user32

CharNextW
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadStringW
GetSystemMetrics
wsprintfW

advapi32

RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegQueryValueW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
QueryServiceStatus
StartServiceW
QueryServiceConfig2W
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
CloseEventLog
ReadEventLogW
OpenEventLogW
ConvertSidToStringSidW
EqualSid
AllocateAndInitializeSid
GetTokenInformation
FreeSid
ConvertStringSidToSidW
OpenProcessToken
RegNotifyChangeKeyValue
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

shell32

ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord680

ole32

GetHGlobalFromStream
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

SysAllocString
VarUI4FromStr
SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathFindExtensionW
PathFindFileNameW
SHDeleteKeyW
StrCmpIW
PathCombineW
PathFileExistsW
ord437
PathIsPrefixW
PathRemoveBackslashW
StrCatW
StrCpyW
SHGetValueA
StrStrIA
SHDeleteValueW
SHSetValueW
PathAppendW
SHGetValueW
PathIsDirectoryW
PathRemoveFileSpecW
StrStrIW
SHSetValueA

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

wininet

InternetOpenUrlW
DeleteUrlCacheEntryW
InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW

wtsapi32

WTSWaitSystemEvent

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

GetAdaptersInfo

ws2_32

htons
htonl
ntohs
ntohl

rpcrt4

RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2
NdrAsyncServerCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrAsyncClientCall

ntdll

NtSetInformationToken
RtlUnwind

Sections

.text
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc483e4cf899829e866c5f87e01ec900

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

47:e1:7b:4b:9b:9c:fb:f4:f9:90:31:e3:03:2c:78:e2:0d:e0:2e:99:47:0a:95:77:53:8f:5b:9f:1d:b1:b7:4dSigner

dc:75:83:1d:af:db:98:52:d8:df:66:c6:bc:56:51:40:ee:63:37:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

version

psapi

wininet

wtsapi32

userenv

iphlpapi

ws2_32

rpcrt4

ntdll

Sections

.text Size: 763KB - Virtual size: 763KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 25KB - Virtual size: 50KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 64KB - Virtual size: 63KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

47:e1:7b:4b:9b:9c:fb:f4:f9:90:31:e3:03:2c:78:e2:0d:e0:2e:99:47:0a:95:77:53:8f:5b:9f:1d:b1:b7:4d
Signer

dc:75:83:1d:af:db:98:52:d8:df:66:c6:bc:56:51:40:ee:63:37:f7
Signer

.text
Size: 763KB - Virtual size: 763KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 25KB - Virtual size: 50KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 64KB - Virtual size: 63KB