NEAS[.]7fc0cbde5016a3396c1c66dc9b231a60_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.7fc0cbde5016a3396c1c66dc9b231a60_JC.exe
Size

439KB
MD5

7fc0cbde5016a3396c1c66dc9b231a60
SHA1

cd04e1bb751aeed0dca0801f69fd9e5663166a49
SHA256

390d0ce2eb150c80136239869dc9ed9e27500f87a76e55b7d37e20571ca4692a
SHA512

69eb0dfe68c88524ede0bcabeaa1e06cbda9681e2c6fadddb409659958e0f7f1ff716828a6a228eeef9ef49f5f47053418564bd000b1bf8d9cd28833d6bcd1de
SSDEEP

6144:usMe/RsZB5PAgvgi7XS6UuP4bXCQ6fkxDBwZIAeTNy1JRm4qJBDIpixXCTBOhzO1:UusXPD6ckZRKtayuvLCTYhK

Score

1^/10

Malware Config

Signatures

Files

NEAS.7fc0cbde5016a3396c1c66dc9b231a60_JC.exe
.dll windows:5 windows x64

484248b9c3fe8b25a6de7704b09a0323

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aa
Certificate

Issuer

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/07/2011, 00:00

Not After

26/07/2014, 23:59

Subject

CN=Andrey Borodin,O=Andrey Borodin,POSTALCODE=394088,STREET=An. Ovseenko 23a-106,L=Voronezh,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:6f:94:f2:9b:d4:40:7b:aa:37:ab:44:96:5b:8e:37:fa:73:88:61
Signer

Actual PE Digest

15:6f:94:f2:9b:d4:40:7b:aa:37:ab:44:96:5b:8e:37:fa:73:88:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

connect
ntohl
inet_addr
htonl
WSAGetLastError
htons
setsockopt
recv
socket
WSASetLastError
closesocket
gethostbyname
send

winmm

timeGetTime

kernel32

HeapReAlloc
WriteConsoleW
SetStdHandle
HeapSize
LCMapStringW
GetStringTypeW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
GetProcAddress
WriteFile
CreateFileW
CloseHandle
SetFilePointer
OutputDebugStringW
WideCharToMultiByte
Sleep
FileTimeToSystemTime
MultiByteToWideChar
GetLastError
GetLocalTime
WaitForSingleObject
TerminateThread
CreateThread
QueryPerformanceCounter
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
SetEndOfFile
ExitProcess
GetModuleHandleExW
AreFileApisANSI
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetSystemTimeAsFileTime
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameA

user32

wsprintfW

Exports

Exports

ItvFormat_GetUnit

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

484248b9c3fe8b25a6de7704b09a0323

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:feCertificate

Key Usages

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aaCertificate

Extended Key Usages

Key Usages

15:6f:94:f2:9b:d4:40:7b:aa:37:ab:44:96:5b:8e:37:fa:73:88:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

Exports

Exports

Sections

.text Size: 305KB - Virtual size: 305KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 15KB - Virtual size: 33KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

82:1b:9c:70:76:58:0d:f8:81:cc:25:3f:5d:d1:0b:aa
Certificate

15:6f:94:f2:9b:d4:40:7b:aa:37:ab:44:96:5b:8e:37:fa:73:88:61
Signer

.text
Size: 305KB - Virtual size: 305KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 15KB - Virtual size: 33KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB