NEAS[.]47a44baae974b4ddd8dad1dc1287c560_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.47a44baae974b4ddd8dad1dc1287c560_JC.exe
Size

92KB
MD5

47a44baae974b4ddd8dad1dc1287c560
SHA1

fda0e9db9d6cad17c8a95eda9d003939f0b9e204
SHA256

8a32e6015becb8af2f66a15c8af599d5667a0e52fe6ed843310ad0acab0d3bd8
SHA512

861622f8492b9fa4e6f24362e94674c6d2e4d6cb67a5eb1ac5ccfb121a9e87cee9985786da03d70a0f6407445a9fe9866c4d44895d67f4830658f6edd522e4b9
SSDEEP

1536:0ikk4asNPXfVnb5hgNIqPdxK8Mg6sM6grOsASqada7CuUa9:vkk4a+LhgNIWdxlS01ao7Ua9

Score

1^/10

Malware Config

Signatures

Files

NEAS.47a44baae974b4ddd8dad1dc1287c560_JC.exe
.exe windows:4 windows x86

5059d6d5b6b88b226fb26ce794f5d675

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:c3:e0:9f:1f:4c:96:79:90:9f:2c:cf:cd:23:8a:4f:cc:50:43:9e
Signer

Actual PE Digest

11:c3:e0:9f:1f:4c:96:79:90:9f:2c:cf:cd:23:8a:4f:cc:50:43:9e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetShortPathNameW
GetCurrentProcess
LocalAlloc
LocalFree
LoadLibraryW
lstrcpynW
FreeLibrary
CloseHandle
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
WritePrivateProfileStructW
WritePrivateProfileStringW
GetLocalTime
GetStartupInfoA
GlobalFree
GlobalDeleteAtom
GlobalAddAtomW
CreateProcessW
WaitForSingleObject
GetACP
CreateFileW
GetFileTime
GetVersionExW
RemoveDirectoryW
GetTempPathW
CreateDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
DeleteFileW
MoveFileExW
GetWindowsDirectoryA
SetLastError
GetShortPathNameA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetLastError
GetModuleHandleW
GetFileAttributesW
GetVersion
OutputDebugStringA

user32

SystemParametersInfoW
GetWindowRect
GetWindow
GetClientRect
DialogBoxParamW
MapWindowPoints
SetWindowPos
EndDialog
SetWindowLongW
GetWindowLongW
GetParent
IsDlgButtonChecked

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegEnumKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
OleRun
CoTaskMemAlloc
CoInitialize

shlwapi

SHGetValueW
PathRemoveBlanksW
PathStripToRootW
wnsprintfW
SHSetValueW
PathAppendA
PathIsDirectoryW
PathAppendW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveBackslashW

msvcrt

printf
_wtoi
wcstok
wcscmp
_purecall
_except_handler3
wcsncpy
memcmp
_CxxThrowException
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
localtime
time
free
_wfopen
ftell
fread
strchr
strrchr
fwrite
??2@YAPAXI@Z
fopen
rewind
fgets
strstr
fputs
fseek
fclose
strncpy
strlen
memcpy
_wcsicmp
wcslen
__CxxFrameHandler
memset
_snwprintf
_strlwr
_wcsnicmp
_snprintf
_strnicmp

wininet

InternetSetCookieW

urlmon

URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5059d6d5b6b88b226fb26ce794f5d675

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

11:c3:e0:9f:1f:4c:96:79:90:9f:2c:cf:cd:23:8a:4f:cc:50:43:9eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcrt

wininet

urlmon

version

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 35KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

11:c3:e0:9f:1f:4c:96:79:90:9f:2c:cf:cd:23:8a:4f:cc:50:43:9e
Signer

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 35KB