NEAS[.]461226ecf07cff41abfb42b5d8cf2dc0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.461226ecf07cff41abfb42b5d8cf2dc0_JC.exe
Size

1.8MB
MD5

461226ecf07cff41abfb42b5d8cf2dc0
SHA1

8a8bfdbfe0cc60f54800f7ad3a852c5de294566f
SHA256

2f949fdc09ac547523fbf69e3ca40ad4773c631037d53605ad15d0319549df98
SHA512

9c60b6ac065c554e1c71e792ec95b15c619ef86b6e8fa5b61d9b0d69c51e5efdbe2b9eeeac4238483d04ffb4ba42facebd771aa02da9569e26e9e4c0b87062c9
SSDEEP

49152:8c6Dsh96ExxBTkFpKCJfzVhrm4KMyx3gS7uxs69kYrsbqddZ1N:8/Dc96ElGVhTfouTqY8MN

Score

1^/10

Malware Config

Signatures

Files

NEAS.461226ecf07cff41abfb42b5d8cf2dc0_JC.exe
.dll windows:5 windows x86

a3c5a8e92ff4e96b86b99d81724cc19d

Code Sign

33:00:00:02:24:6d:92:e5:58:ca:75:fe:78:00:00:00:00:02:24
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31-05-2018 17:37

Not After

29-05-2019 17:37

Subject

CN=Microsoft Windows Kits Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:07:fc:91:07:1d:4a:63:9b:6d:e2:8c:88:5f:6a:c6:2e:ef:f3:33:51:97:27:5a:10:2c:10:78:0c:fb:ff:da
Signer

Actual PE Digest

7a:07:fc:91:07:1d:4a:63:9b:6d:e2:8c:88:5f:6a:c6:2e:ef:f3:33:51:97:27:5a:10:2c:10:78:0c:fb:ff:da

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DragObject
DeregisterShellHookWindow
GetSysColorBrush
SwitchToThisWindow
IsCharAlphaNumericA

kernel32

GetModuleFileNameW
WideCharToMultiByte
GetModuleFileNameA
IsProcessorFeaturePresent
CreateThread
VirtualAlloc
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
LoadLibraryA
GetProcAddress

shlwapi

PathRelativePathToW

ole32

CoEnableCallCancellation

shell32

SHFileOperationA

advapi32

RegRestoreKeyA
SaferCloseLevel

oleaut32

LoadTypeLibEx
GetErrorInfo

msvcrt

isleadbyte
putc

urlmon

IsValidURL

winspool.drv

EnumFormsW

Exports

Exports

MlHleewehee

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vNe=w
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3c5a8e92ff4e96b86b99d81724cc19d

Code Sign

33:00:00:02:24:6d:92:e5:58:ca:75:fe:78:00:00:00:00:02:24Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

7a:07:fc:91:07:1d:4a:63:9b:6d:e2:8c:88:5f:6a:c6:2e:ef:f3:33:51:97:27:5a:10:2c:10:78:0c:fb:ff:daSigner

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ole32

shell32

advapi32

oleaut32

msvcrt

urlmon

winspool.drv

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 104KB - Virtual size: 106KB

.qdata Size: 92KB - Virtual size: 90KB

vNe=w Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 24KB - Virtual size: 23KB

33:00:00:02:24:6d:92:e5:58:ca:75:fe:78:00:00:00:00:02:24
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

7a:07:fc:91:07:1d:4a:63:9b:6d:e2:8c:88:5f:6a:c6:2e:ef:f3:33:51:97:27:5a:10:2c:10:78:0c:fb:ff:da
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 104KB - Virtual size: 106KB

.qdata
Size: 92KB - Virtual size: 90KB

vNe=w
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 24KB - Virtual size: 23KB