NEAS[.]fd87063212d2fe196adbfb183e60d620_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.fd87063212d2fe196adbfb183e60d620_JC.exe
Size

29KB
MD5

fd87063212d2fe196adbfb183e60d620
SHA1

c8e6223114ae291ccfb45fd16a9a726e88248782
SHA256

10ffdccfd568d6a808d8cfcfb7d07c1a1c42c1e07ad90a3c2e87ed343b3624ff
SHA512

b6e56e4c68dd3a78771c78bcc7bc273fdfdcad1be43d695a4cf8c786afa255226ed6ed51cd492553087748c9999f5306320b8f068496e456826a03134e6618c5
SSDEEP

384:7jaZ46urbxA7obKom5d0mhjHyOIx5ShzK7MH2KP1oNygUKLVeMT8E9VF3AM+ol5n:XD6uJ8omr0mhj7+7MWk1VENAMx/

Score

1^/10

Malware Config

Signatures

Files

NEAS.fd87063212d2fe196adbfb183e60d620_JC.exe
.sys windows:10 windows x64

10b679e8878465a73bbbefd6c5f9a15a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-11-2013 00:00

Not After

22-11-2014 23:59

Subject

CN=Xinyi Electronic Technology (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Xinyi Electronic Technology (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36
Signer

Actual PE Digest

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
strstr
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlEqualUnicodeString
DbgPrint
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmCreateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoFreeMdl
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwOpenFile
ZwClose
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlCompareString
MmIsAddressValid
PsGetProcessCreateTimeQuadPart
IoRegisterDriverReinitialization
IoCreateFileEx
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsLookupThreadByThreadId
MmFlushImageSection
ObOpenObjectByPointer
ObMakeTemporaryObject
ZwDeleteFile
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQueryVirtualMemory
KeInitializeApc
KeInsertQueueApc
PsGetProcessPeb
PsSuspendProcess
PsResumeProcess
PsGetProcessWow64Process
RtlImageNtHeader
ObReferenceObjectByName
ZwQuerySystemInformation
IoFileObjectType
PsInitialSystemProcess
IoDriverObjectType
MmGetSystemRoutineAddress
IoAllocateMdl
RtlPcToFileHeader

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b679e8878465a73bbbefd6c5f9a15a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 160B

.pdata Size: 1024B - Virtual size: 516B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 160B

.pdata
Size: 1024B - Virtual size: 516B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B