NEAS[.]0241faa5a67f69cd2c94386ca6cc7e80_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0241faa5a67f69cd2c94386ca6cc7e80_JC.exe
Size

1.4MB
MD5

0241faa5a67f69cd2c94386ca6cc7e80
SHA1

a4fedcd89873ab2a7ea00937958155f6f491a62e
SHA256

b9680b24d4fe1f43743415b4967cba3c90b638c7099c95907323c46b84a0e83d
SHA512

89a641a5ce8acc21b75d84e9e25431b3ba8573efcc964f1d9e27678c830f7e7343029f3035fcf2ab075feaac074fdd6ec36a8e385802a4b6a669c2a3444612b1
SSDEEP

12288:dZmsC+UWIYKE/lTxxm+DIYwkISG0LPVV0bhIGk+fYMN7QUF5SyiaDK6wqCzyaRmq:jSjrEzH0FcU2f0ZX+n359qsRe4gK

Score

1^/10

Malware Config

Signatures

Files

NEAS.0241faa5a67f69cd2c94386ca6cc7e80_JC.exe
.exe windows:4 windows x86

8c86565866a1fca0dbf63c03b280b144

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:c5:e7:f4:c1:a7:73:fe:0b:30:ad:3b:3d:52:69:b9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/11/2019, 00:00

Not After

25/11/2022, 23:59

Subject

SERIALNUMBER=110111-2621484,CN=nTrackSystem Co.\,Ltd.,O=nTrackSystem Co.\,Ltd.,L=Yeongdeungpo-gu,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130f59656f6e676465756e67706f2d6775,1.3.6.1.4.1.311.60.2.1.2=#130553656f756c,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:a7:9d:e6:14:e2:3d:62:70:7c:df:c7:14:85:73:e7:c1:84:da:1b:0e:32:5b:ff:b3:e2:3f:2b:5d:0b:23:64
Signer

Actual PE Digest

ed:a7:9d:e6:14:e2:3d:62:70:7c:df:c7:14:85:73:e7:c1:84:da:1b:0e:32:5b:ff:b3:e2:3f:2b:5d:0b:23:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandA

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
CM_Get_DevNode_Status
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
CM_Get_Parent
CM_Get_Device_ID_Size
SetupDiGetDeviceInstallParamsA
SetupDiClassNameFromGuidA
CM_Query_And_Remove_SubTreeA
CM_Request_Device_EjectA
SetupDiEnumDeviceInfo
CM_Get_Device_IDA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

netapi32

NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo
SendARP
GetIfEntry
GetIfTable
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

srclient

SRRemoveRestorePoint
SRSetRestorePointA

ntrrscfd

Ntrrscfd_LogCallbackInit
SetClearReadOnlyDisk
GetCurrentReadOnlyDisk
SetDeleteReadOnlyDisk
Ntrrscfd_rtSearch_Control
Ntrrscfd_SecurityFolderClear
Ntrrscfd_rtSearch_Init
SetAddLogDisk
Ntrrscfd_ClearHiddenPath
Ntrrscfd_SetHiddenPath
SetAddReadOnlyDisk

psapi

GetModuleFileNameExA
EnumProcessModules

dbghelp

MiniDumpWriteDump

ntrmptpfd

?NtrMptpfd_Init@@YAHXZ
?NtrMptpfd_Install@@YAIPAD@Z
?NtrMptpfd_Start@@YAIXZ
?NtrMptpfd_Stop@@YAIXZ
?NtrMptpfd_UnInit@@YAHXZ
?SetPolicy@@YAHK@Z

kernel32

GetVolumeNameForVolumeMountPointA
WideCharToMultiByte
lstrlenW
CreateDirectoryA
FormatMessageA
LocalAlloc
InitializeCriticalSection
LeaveCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
EnterCriticalSection
OpenFileMappingA
GetTickCount
RemoveDirectoryA
GetEnvironmentVariableA
GetSystemInfo
DeleteCriticalSection
GetFileAttributesA
GetCurrentDirectoryA
VirtualQuery
lstrcatA
GetSystemTimeAsFileTime
lstrlenA
GetCurrentProcessId
RaiseException
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileTime
GetFileSize
GlobalMemoryStatus
lstrcpynA
FindFirstFileA
ResetEvent
CreateEventA
FlushFileBuffers
SetEvent
QueryDosDeviceA
SetThreadPriority
SuspendThread
InterlockedIncrement
InterlockedDecrement
LoadResource
FindResourceA
LockResource
GlobalUnlock
GlobalLock
GetCurrentThread
lstrcmpA
GlobalDeleteAtom
GetPrivateProfileIntA
WritePrivateProfileStringA
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FindNextFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
DuplicateHandle
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
FileTimeToSystemTime
GetTempFileNameA
GetDiskFreeSpaceA
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
MulDiv
SetErrorMode
GetProcessVersion
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SizeofResource
GetCPInfo
GetOEMCP
GlobalSize
RtlUnwind
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetFileType
GetStartupInfoA
GetCommandLineA
HeapReAlloc
CreateThread
ExitThread
GetACP
HeapSize
FatalAppExitA
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateProcessA
ProcessIdToSessionId
lstrcmpiA
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyA
GetDiskFreeSpaceExA
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDrives
GlobalAlloc
GlobalFree
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
WaitForSingleObject
GetExitCodeThread
FreeLibrary
SetPriorityClass
GetModuleHandleA
DeviceIoControl
GetVersionExA
GetDriveTypeA
GetVersion
WriteFile
SetFilePointer
ReadFile
CreateFileA
LocalFree
OutputDebugStringA
GetProcAddress
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetLocalTime
GetSystemDirectoryA
GetVolumeInformationA
GetTempPathA
GetPrivateProfileStringA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryA
CopyFileA
CreateMutexA
ReleaseMutex
GetModuleFileNameA
LoadLibraryA
GetCurrentProcess
GetLastError
OpenProcess
GetExitCodeProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentThreadId
Sleep
ResumeThread

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
PtInRect
GetDialogBaseUnits
InsertMenuA
DeleteMenu
GetMenuStringA
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
InflateRect
RegisterClipboardFormatA
AppendMenuA
RemoveMenu
DestroyIcon
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
WaitMessage
MapDialogRect
SetWindowContextHelpId
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetLastActivePopup
SetCursor
DestroyMenu
PostQuitMessage
GrayStringA
EndPaint
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
OemToCharA
CharToOemA
GetMessageA
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
PeekMessageA
TranslateMessage
DispatchMessageA
CharUpperA
GetClassNameA
MessageBoxA
wvsprintfA
SetWindowsHookExA
CallNextHookEx
LoadIconA
PostThreadMessageA
GetWindow
GetParent
wsprintfW
RegisterDeviceNotificationA
RegisterWindowMessageA
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
KillTimer
SendMessageA
SetActiveWindow
ExitWindowsEx
UnregisterDeviceNotification
GetClassInfoA
RegisterClassA
SetTimer
LoadMenuA
GetSubMenu
GetCursorPos
SetForegroundWindow
FindWindowExA
IsWindowUnicode
MessageBeep
GetWindowRect
GetSystemMetrics
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
EnableWindow
wsprintfA
UpdateWindow
PostMessageA
FindWindowA
GetDesktopWindow
ReleaseCapture
TranslateAcceleratorA
DrawTextA
EndDialog
TabbedTextOutA
LoadAcceleratorsA
SetRectEmpty
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
MsgWaitForMultipleObjects
LoadStringA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
IsWindow
SetMenu
InvalidateRect
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowOwnedPopups
ShowScrollBar
UnhookWindowsHookEx
SetWindowTextA

gdi32

SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
LineTo
MoveToEx
OffsetClipRgn
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
IntersectClipRect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetTextColor
GetBkColor
SetTextJustification
LPtoDP
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CopyMetaFileA
CreateDCA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
DPtoLP
SetTextAlign
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDIBPatternBrushPt
CreateBitmap
CreatePatternBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
GetNamedSecurityInfoA
GetAce
RegCreateKeyA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
DuplicateTokenEx
SetTokenInformation
LookupAccountSidA
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
RegEnumKeyA
RegDeleteKeyA
GetTokenInformation
ConvertSidToStringSidA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetUserNameA
RegQueryValueA
RegSetValueA
GetFileSecurityA
RegQueryInfoKeyA
RegOpenKeyA
SetFileSecurityA

shell32

DragQueryFileA
DragFinish
SHGetFileInfoA
DragAcceptFiles
SHChangeNotify
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteA
ExtractIconA

comctl32

ord17

oledlg

ord8

ole32

WriteClassStg
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
OleRun
CoDisconnectObject
OleInitialize
OleUninitialize
WriteFmtUserTypeStg
OleDuplicateData
CreateBindCtx
SetConvertStg
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
CoFreeUnusedLibraries

olepro32

ord253

oleaut32

SafeArrayPutElement
SafeArrayPtrOfIndex
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayGetElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
SysStringLen
LoadTypeLi
SysFreeString
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SysAllocStringLen
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

wsock32

htonl
htons
bind
accept
getpeername
ntohs
WSAGetLastError
WSAAsyncSelect
send
inet_ntoa
inet_addr
select
recvfrom
sendto
WSAStartup
socket
gethostbyname
closesocket
WSACleanup
recv
ioctlsocket
connect
getsockname
WSASetLastError

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

_LockDisk@12
_UnLockDisk@12

Sections

.text
Size: 832KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c86565866a1fca0dbf63c03b280b144

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

1f:c5:e7:f4:c1:a7:73:fe:0b:30:ad:3b:3d:52:69:b9Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ed:a7:9d:e6:14:e2:3d:62:70:7c:df:c7:14:85:73:e7:c1:84:da:1b:0e:32:5b:ff:b3:e2:3f:2b:5d:0b:23:64Signer

Headers

File Characteristics

Imports

winmm

setupapi

netapi32

iphlpapi

version

srclient

ntrrscfd

psapi

dbghelp

ntrmptpfd

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 832KB - Virtual size: 831KB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 96KB - Virtual size: 139KB

.rsrc Size: 328KB - Virtual size: 327KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

1f:c5:e7:f4:c1:a7:73:fe:0b:30:ad:3b:3d:52:69:b9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ed:a7:9d:e6:14:e2:3d:62:70:7c:df:c7:14:85:73:e7:c1:84:da:1b:0e:32:5b:ff:b3:e2:3f:2b:5d:0b:23:64
Signer

.text
Size: 832KB - Virtual size: 831KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 96KB - Virtual size: 139KB

.rsrc
Size: 328KB - Virtual size: 327KB