NEAS[.]c357b110d74c9e48d9102d4c483e8070_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c357b110d74c9e48d9102d4c483e8070_JC.exe
Size

2.8MB
MD5

c357b110d74c9e48d9102d4c483e8070
SHA1

e88b2332872a09ecbf5d749faf312b051710528e
SHA256

cc3d26b0852abce28cd9e89729d615ac258d05a75efd83441076156e7e504f8f
SHA512

53036ca8e51ee33c2cd191ae281e71e0cad820db183ed0d0bd6a275a8fe3c07e56fc4dc7e531e2c0b222564a0706750fd1ab993df2518a48097448a05bb17625
SSDEEP

49152:P+GPM3DHTnTv3sUcwGfyti3dBhkhc1YXFYPcyemRTqsaWw4HpFiL8:6znTUVryti3n661Yzyemt

Score

1^/10

Malware Config

Signatures

Files

NEAS.c357b110d74c9e48d9102d4c483e8070_JC.exe
.dll windows:6 windows x86

649b51e0f86718544f2a46a77a853504

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:fb:8f:54:c0:1e:bd:2d:96:e6:75:57
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/12/2022, 07:20

Not After

02/01/2024, 10:35

Subject

SERIALNUMBER=110111-1772535,CN=Everyzone Inc.,O=Everyzone Inc.,STREET=136 Mapo-daero,L=Mapo-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:ae:d3:c9:39:32:e4:31:bb:a2:6f:2b:15:c5:ab:15:a4:da:de:3e:a5:80:13:7b:21:3e:cf:4e:08:c4:08:e9
Signer

Actual PE Digest

59:ae:d3:c9:39:32:e4:31:bb:a2:6f:2b:15:c5:ab:15:a4:da:de:3e:a5:80:13:7b:21:3e:cf:4e:08:c4:08:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

fltlib

FilterReplyMessage
FilterGetMessage
FilterConnectCommunicationPort

iphlpapi

GetAdaptersInfo

netapi32

NetApiBufferFree
NetWkstaGetInfo

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsA
PathFindFileNameW
PathAddBackslashA
PathFileExistsW
PathAddBackslashW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wldap32

ord26
ord117
ord41
ord208
ord27
ord142
ord46
ord219
ord145
ord127
ord216
ord167
ord79
ord301
ord133
ord147
ord14

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

kernel32

FreeLibrary
EnterCriticalSection
LeaveCriticalSection
CreateFileW
ReadDirectoryChangesW
TerminateProcess
OutputDebugStringA
WaitForSingleObject
WaitForMultipleObjects
MultiByteToWideChar
GetLocalTime
VerifyVersionInfoW
VerSetConditionMask
WriteFile
WritePrivateProfileStringW
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileStringW
FormatMessageW
FormatMessageA
GetLastError
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
SleepEx
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
QueueUserAPC
TerminateThread
DeleteFileW
Sleep
GetWindowsDirectoryW
GetSystemDirectoryW
GetLogicalDrives
GetDriveTypeW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
CopyFileW
CreateDirectoryA
GetNativeSystemInfo
GetModuleHandleW
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetSystemTimeAsFileTime
CreateWaitableTimerW
CancelIo
InitializeCriticalSectionEx
RaiseException
DecodePointer
CreateMailslotW
GetMailslotInfo
ReadFile
CreateThread
GetSystemTime
GetEnvironmentVariableW
GetCurrentThreadId
GetModuleHandleExW
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceFrequency
GetTickCount
GetProcAddress
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
GetModuleHandleA
SystemTimeToFileTime
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
LocalFree
OpenProcess
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
OutputDebugStringW
SetEvent
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetACP
GetConsoleCP
SetFilePointerEx
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
ExitProcess
SetConsoleCtrlHandler
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
TryEnterCriticalSection
EncodePointer
GetExitCodeThread
GetCurrentThread
DuplicateHandle
IsDebuggerPresent
MoveFileExW
LoadLibraryW

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegDeleteValueW
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
LookupPrivilegeValueW
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
OpenProcessToken

shell32

ShellExecuteW
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VariantClear
VariantInit

ws2_32

ntohs
gethostname
sendto
recvfrom
htons
getpeername
getsockopt
WSAIoctl
WSACleanup
WSAStartup
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
send
recv
getnameinfo
WSAGetLastError
closesocket
ioctlsocket
setsockopt
WSASend
ntohl
htonl
shutdown
getsockname
getaddrinfo
WSASetLastError
freeaddrinfo
WSASocketW
connect
accept
listen
bind
WSARecv
__WSAFDIsSet
select

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore

Exports

Exports

DeleteAVInfo
DeleteAgentInfo
DeleteWDInfo
InitSocket
SendBootAndShutdownTime
SendBootTime
SendLogonUserSessionChange
SendShutdownTime
StartMediaStandAlone
StartSocket
StartWebSocket
StopSocket
UninitSocket

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

649b51e0f86718544f2a46a77a853504

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

3d:fb:8f:54:c0:1e:bd:2d:96:e6:75:57Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

59:ae:d3:c9:39:32:e4:31:bb:a2:6f:2b:15:c5:ab:15:a4:da:de:3e:a5:80:13:7b:21:3e:cf:4e:08:c4:08:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

fltlib

iphlpapi

netapi32

shlwapi

userenv

wldap32

wtsapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

bcrypt

crypt32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 600KB - Virtual size: 600KB

.data Size: 32KB - Virtual size: 555KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 97KB - Virtual size: 97KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

3d:fb:8f:54:c0:1e:bd:2d:96:e6:75:57
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

59:ae:d3:c9:39:32:e4:31:bb:a2:6f:2b:15:c5:ab:15:a4:da:de:3e:a5:80:13:7b:21:3e:cf:4e:08:c4:08:e9
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 600KB - Virtual size: 600KB

.data
Size: 32KB - Virtual size: 555KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 97KB - Virtual size: 97KB