NEAS[.]32d440201777130c3d5b621e37d57bb0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.32d440201777130c3d5b621e37d57bb0_JC.exe
Size

2.0MB
MD5

32d440201777130c3d5b621e37d57bb0
SHA1

d5c5caa32021ba5d05d7f341f2a1859e36efa27e
SHA256

0ad58c9246130dcabae28e2a995e4e3cf901e29678a778f0042c29c0e29e2231
SHA512

b3000852d7de35874321369b03ea9a4b4cab73adcb309912bf7435a5466508079a8fbc14d4bb55ba071885a636b236b7b1823cac597b4002f123c84d8935ed81
SSDEEP

49152:CSHQ7lGAym+PONYU6yOFjtVoTGFqbYSHJ:CSHZAX+GedyojrFqsSHJ

Score

1^/10

Malware Config

Signatures

Files

NEAS.32d440201777130c3d5b621e37d57bb0_JC.exe
.exe windows:4 windows x86

c8e9ece228d150fb5724a456a5ecfd7d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:5c:86:47:ea:4d:7b:89:fd:d0:c3:bb:c7:4e:7f:b8:42:42:34:01
Signer

Actual PE Digest

51:5c:86:47:ea:4d:7b:89:fd:d0:c3:bb:c7:4e:7f:b8:42:42:34:01

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
IsBadWritePtr
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
LocalSize
GetExitCodeThread
TerminateThread
OpenProcess
LoadLibraryExW
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
Sleep
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFileTimeToFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFileAttributesW
GetTickCount
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
SystemTimeToFileTime
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedIncrement
WaitForSingleObject
ResumeThread
SetThreadPriority
GetVersion
GlobalGetAtomNameW
InterlockedDecrement
LoadLibraryW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetStringTypeExW
MoveFileW
lstrcpyW
SetLastError
MulDiv
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcatW
lstrcmpW
GetVersionExA
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
DeviceIoControl
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
GetLocaleInfoW
GetNumberFormatW
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
WriteFile
FreeResource
lstrcmpiW
GetLocalTime
GetTempFileNameW
CreateDirectoryW
GetDriveTypeW
GetFileSize
lstrlenW
CreateFileW
GetLastError
FormatMessageW
LocalFree
CloseHandle
ReadFile
DeleteFileW
SetFileAttributesW
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

DrawTextExW
TabbedTextOutW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
GetDlgItemInt
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
SetCursor
DestroyMenu
ReuseDDElParam
UnpackDDElParam
RedrawWindow
EnableWindow
GetWindowRect
GetParent
GetWindowLongW
PostMessageW
ReleaseCapture
ClientToScreen
WindowFromPoint
UpdateWindow
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
SetCapture
GrayStringW
GetWindowDC
BeginPaint
EndPaint
RemoveMenu
InsertMenuW
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
DefWindowProcW
CallWindowProcW
AppendMenuW
GetMenuStringW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
TranslateAcceleratorW
SetMenu
InvalidateRect
DrawIconEx
SetRect
SendMessageW
DrawTextW
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
IsWindow
InflateRect
GetClientRect
GetNextDlgGroupItem
PtInRect
RegisterWindowMessageW
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfW
GetKeyState
LoadIconW
CopyRect
IsZoomed
IsIconic
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuW
TranslateMDISysAccel
DrawMenuBar
GetDoubleClickTime
SetClassLongW
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
GetCursor
GetMenuDefaultItem
CreateIconIndirect
CopyIcon
GetIconInfo
LoadStringW
DrawStateW
DrawEdge
SendMessageTimeoutW
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongA
SetCursorPos
DestroyCursor
LoadCursorW
ValidateRect
GetMessageW
GetMenuItemInfoW
SystemParametersInfoW
FindWindowW
IsRectEmpty
DrawIcon
SetWindowRgn
SetTimer
KillTimer
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatW
GetSysColorBrush
DeleteMenu
DestroyIcon
CharNextW
CopyAcceleratorTableW
InvalidateRgn
MessageBeep
PostThreadMessageW
SetParent
CreateMenu
GetTabbedTextExtentA
IsClipboardFormatAvailable
GetDCEx
LockWindowUpdate
GetWindowThreadProcessId
GetSystemMenu
LoadAcceleratorsW
SetWindowLongA
LoadImageW
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
InvertRect
HideCaret
ShowCaret
IsMenu
GetWindowRgn
DrawFrameControl
DrawFocusRect
GetFocus
GetDlgCtrlID
GetSystemMetrics
GetWindow
MapDialogRect
ScreenToClient
FillRect
GetSysColor
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement

gdi32

ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateDCW
CreateCompatibleBitmap
StretchDIBits
GetCharWidthW
CreateFontW
GetTextMetricsW
CreateEllipticRgn
LPtoDP
Ellipse
GetViewportOrgEx
Rectangle
StartPage
EndPage
SetAbortProc
SetViewportExtEx
EndDoc
GetBkColor
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DPtoLP
CreatePatternBrush
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
Polygon
StretchBlt
SetPixel
GetCurrentObject
CreateDIBSection
PtInRegion
EnumFontFamiliesExW
OffsetRgn
GetTextCharsetInfo
ExtCreateRegion
GetDIBits
SetDIBits
GetBitmapBits
SetBrushOrgEx
CreatePalette
CreateDIBitmap
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
MoveToEx
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateICW
CreateFontIndirectW
GetObjectW
SelectObject
CreateCompatibleDC
AbortDoc
GetTextExtentPoint32W

comdlg32

GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
GetFileTitleW
GetSaveFileNameW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDecrypt
RegSetValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegCreateKeyW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
DragFinish
DragQueryFileW
ExtractIconW
SHGetFileInfoW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_GetBkColor
ord17
ImageList_GetIconSize
FlatSB_GetScrollProp

shlwapi

PathRemoveExtensionW
PathAppendW
PathFileExistsW
PathCompactPathW
PathRemoveFileSpecW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleDestroyMenuDescriptor

oleaut32

LoadTypeLi
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipImageRotateFlip
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageBounds
GdipCloneImage
GdipLoadImageFromFileICM

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8e9ece228d150fb5724a456a5ecfd7d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

51:5c:86:47:ea:4d:7b:89:fd:d0:c3:bb:c7:4e:7f:b8:42:42:34:01Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

imagehlp

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 320KB - Virtual size: 318KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 460KB - Virtual size: 458KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

51:5c:86:47:ea:4d:7b:89:fd:d0:c3:bb:c7:4e:7f:b8:42:42:34:01
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 320KB - Virtual size: 318KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 460KB - Virtual size: 458KB