NEAS[.]a4c9501c1cdb2ded94446f0bd12bec10_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a4c9501c1cdb2ded94446f0bd12bec10_JC.exe
Size

1.4MB
MD5

a4c9501c1cdb2ded94446f0bd12bec10
SHA1

bf3f3e5258ffdcb50e41360d000412ccedc4fecf
SHA256

7c484fe3b44a2244dc531da5fa7c0a63a144c821436129da7d38c169ba6e4101
SHA512

8fdc0c0b683140b4c8c0426790916bbf07cd37a2cb57db3ab802d493c2a60257e8f57fc7457047783ecde91aacd15abe0615a506aa5091eadd32b61ccd7db91a
SSDEEP

24576:aCiSH1aEy6dvMeA66umzRIhpRy+6DmjltQ8GuUdqyPCKw:a5SVXdvHA66um9ITRFwmjltCuUdqyPb

Score

1^/10

Malware Config

Signatures

Files

NEAS.a4c9501c1cdb2ded94446f0bd12bec10_JC.exe
.exe windows:5 windows x86

629eec3b04e79aeca1ee81cc6215f243

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 12:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 09:00

Not After

27-01-2014 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:24:da:79:a3:f3
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

09-11-2009 18:54

Not After

09-11-2012 18:54

Subject

CN=TrueCrypt Foundation,O=TrueCrypt Foundation,ST=Nevada,C=US,1.2.840.113549.1.9.1=#0c15636f6e74616374407472756563727970742e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c8:cd:46:fe:8a:0d:92:36:44:ac:3b:77:4b:37:e2:aa:e1:69:63
Signer

Actual PE Digest

20:c8:cd:46:fe:8a:0d:92:36:44:ac:3b:77:4b:37:e2:aa:e1:69:63

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_Add

setupapi

SetupOpenInfFileA
SetupInstallFromInfSectionA
SetupCloseInfFile
SetupDiOpenClassRegKey

kernel32

VirtualUnlock
DefineDosDeviceA
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
OpenMutexA
GetVolumeInformationW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
GetFileSize
GetCurrentProcess
GetModuleHandleA
GetVersionExA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
SetFilePointer
GetModuleFileNameW
SetCurrentDirectoryA
UnhandledExceptionFilter
GetSystemInfo
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThread
SetUnhandledExceptionFilter
GetDriveTypeA
GetDiskFreeSpaceA
InterlockedExchangeAdd
InterlockedExchange
SetEvent
ResetEvent
CreateEventA
FindNextFileW
CreateFileW
FindFirstFileW
_lwrite
_lread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
GetProcessWorkingSetSize
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
GetProcessHeap
InitializeCriticalSection
LocalFree
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
PeekNamedPipe
GetFullPathNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ResumeThread
ExitThread
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
GetFileAttributesW
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
TerminateProcess
HeapAlloc
ExitProcess
GetModuleHandleW
RtlUnwind
RaiseException
HeapFree
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
GetVolumePathNameA
GetVolumeInformationA
GetShortPathNameA
GetTempPathA
CopyFileA
VirtualLock
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
FindNextFileA
FindClose
InterlockedCompareExchange
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
WriteFile
SetFileTime
SetLastError
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
GetLogicalDrives
GetCommandLineA
GetCommandLineW
GetTickCount
CreateMutexA
Sleep
GetSystemDirectoryA
CreateDirectoryA
DeleteFileA
DeviceIoControl
GetModuleFileNameA
CreateProcessA
CloseHandle
SetProcessShutdownParameters
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetLastError
InterlockedDecrement
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidLocale

user32

GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DestroyWindow
EndPaint
GetClipboardViewer
GetWindowTextW
GetClientRect
GetSystemMetrics
GetWindowInfo
MoveWindow
SetWindowPos
GetDC
ReleaseDC
MessageBoxA
GetActiveWindow
PeekMessageA
GetMessagePos
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
TrackMouseEvent
GetSystemMenu
SystemParametersInfoW
SendMessageTimeoutA
wsprintfA
DrawTextA
GetClassInfoA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
GetQueueStatus
GetOpenClipboardWindow
GetProcessWindowStation
GetMessageTime
GetInputState
GetFocus
GetDialogBaseUnits
DefWindowProcA
GetDesktopWindow
wsprintfW
UnregisterHotKey
GetClipboardOwner
GetCapture
SetWindowsHookExA
CallWindowProcA
EnumWindows
GetWindowLongA
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
DrawMenuBar
PostMessageA
GetCursorPos
MessageBeep
SetWindowLongA
SetMenuItemInfoW
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
GetDlgItemInt
CreatePopupMenu
GetWindowRect
TrackPopupMenu
DestroyMenu
SetDlgItemInt
GetMenu
EnableMenuItem
SetForegroundWindow
LoadImageA
DestroyIcon
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
GetKeyboardLayout
LoadKeyboardLayoutA
MessageBoxW
DialogBoxParamW
InvalidateRect
ShowWindow
GetWindowTextA
AppendMenuW
AppendMenuA
SetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetParent
EnableWindow
SetTimer
SetWindowTextW
GetWindowTextLengthW
KillTimer
EndDialog
GetAsyncKeyState
GetDlgItem
SendMessageA
SendMessageW
RegisterHotKey

gdi32

MoveToEx
LineTo
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetTextMetricsA
GetStockObject
CreateFontIndirectW
StretchBlt
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ReportEventA
RegDeleteValueA
RegCreateKeyExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
DeleteService
RegCloseKey
CloseServiceHandle
StartServiceCtrlDispatcherA
SetServiceStatus
DeregisterEventSource
RegisterEventSourceA
RegisterServiceCtrlHandlerA

shell32

ord680
SHGetFileInfoA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoGetObject

oleaut32

SysStringByteLen
SysAllocStringLen
SysFreeString
SysAllocStringByteLen

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

629eec3b04e79aeca1ee81cc6215f243

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

01:00:00:00:00:01:24:da:79:a3:f3Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

20:c8:cd:46:fe:8a:0d:92:36:44:ac:3b:77:4b:37:e2:aa:e1:69:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 520KB - Virtual size: 520KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 19KB - Virtual size: 213KB

.rsrc Size: 710KB - Virtual size: 710KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

01:00:00:00:00:01:24:da:79:a3:f3
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

20:c8:cd:46:fe:8a:0d:92:36:44:ac:3b:77:4b:37:e2:aa:e1:69:63
Signer

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 19KB - Virtual size: 213KB

.rsrc
Size: 710KB - Virtual size: 710KB