NEAS[.]ca176ac0e24ae98bfc1cb4ac3c9c3da0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ca176ac0e24ae98bfc1cb4ac3c9c3da0_JC.exe
Size

89KB
MD5

ca176ac0e24ae98bfc1cb4ac3c9c3da0
SHA1

3d9f964e088be735b7b66a10885e632da9c9e2e2
SHA256

e039f06e91f03b4f9bfc2df6eccd97cad508fe2eeda379a981a409dabb6a2d4f
SHA512

5833abbcd31bc855257d01b56e223ea8415b3b39915b32851208b7be3f7fed0da01e7ce94909773d8dd1b69e8cd865530b30c39f41ebcc8601a2c096904b6730
SSDEEP

1536:sMvTWMjAKgMJFQH6xNxweDOx4VHekSH5yaqpEgYu3nbz:VvTWMjAKglH6xN/SIHeHHxi3nbz

Score

1^/10

Malware Config

Signatures

Files

NEAS.ca176ac0e24ae98bfc1cb4ac3c9c3da0_JC.exe
.dll windows:4 windows x86

7df9028a7975db10c9684c87000d0d05

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

15:5d:08:30:66:da:9c:78:00:7c:ca:07:95:c2:5b:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07/08/2017, 00:00

Not After

05/09/2020, 23:59

Subject

CN=SYSJUST CO.\, LTD.,OU=MIS,O=SYSJUST CO.\, LTD.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:5e:e8:85:b1:e4:ef:96:93:d0:ec:48:fe:5c:b7:2c:56:d5:83:eb:d3:c5:e5:19:78:00:bf:8c:61:bf:f1:61
Signer

Actual PE Digest

24:5e:e8:85:b1:e4:ef:96:93:d0:ec:48:fe:5c:b7:2c:56:d5:83:eb:d3:c5:e5:19:78:00:bf:8c:61:bf:f1:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptEncryptMessage
CertGetNameStringW
CertFreeCertificateContext
CertDeleteCertificateFromStore
CertCloseStore
CertGetIntendedKeyUsage
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertOpenStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CertGetCertificateContextProperty

advapi32

CryptSetHashParam
CryptSignHashW
CryptGetUserKey
CryptCreateHash
CryptDestroyHash
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW

winscard

SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
SCardConnectA
SCardDisconnect
SCardTransmit
g_rgSCardT1Pci
SCardEstablishContext

jrsyscryptodll

JCDAPI_CMS_DecodeSignedDataGetSignerCert
JCDAPI_CMS_EncodeEnvelopedDataByCert
JCDAPI_CMS_EncodeEnvelopedDataByCert_FileToFile
JCDAPI_Free
JCDAPI_CMS_EncodeSignedDataByCertAndSig
JCDAPI_CMS_EncodeSignedDataByCertAndSig2
JCDAPI_CMS_DecodeEnvelopedData_DecryptContentByContentEncKey
JCDAPI_CMS_DecodeEnvelopedData_GetEncryptedKeyByCert
JCDAPI_CRYPTO_Init
JCDAPI_CRYPTO_Digest_Init
JCDAPI_CRYPTO_Digest_Update
JCDAPI_CMS_DecodeSignedDataVerify
JCDAPI_CMS_DecodeSignedDataGetSignature
JCDAPI_CMS_Init
JCDAPI_Certificate_GetAttributes
JCDAPI_Certificate_Init
JCDAPI_CRYPTO_Digest_Final
JCDAPI_unbase64
JCDAPI_enbase64
JCDAPI_CMS_Free
JCDAPI_CMS_GetPKCS1Padding2BSignedData
JCDAPI_CMS_DecodeEnvelopedDataFileToFile_DecryptContentByContentEncKey
JCDAPI_CMS_DecodeEnvelopedDataFile_GetEncryptedKeyByCert
JCDAPI_CRYPTO_DigestData

mfc42u

ord826
ord269
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1165
ord1568
ord600
ord1173
ord1105
ord6466
ord2910
ord3867
ord795
ord656
ord3716
ord3605
ord535
ord5261
ord4847
ord4992
ord2506
ord6048
ord1767
ord4401
ord5276
ord4419
ord3592
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2567
ord4390
ord3397
ord3569
ord2574
ord6051
ord4073
ord1768
ord4396
ord5237
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3365
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3635
ord693
ord616
ord609
ord800
ord641
ord861
ord567
ord540
ord324
ord825
ord2291
ord2362
ord2294
ord4229
ord4370
ord2634
ord858
ord3296
ord6195
ord4704
ord538
ord537
ord6898
ord3993
ord3991
ord6451
ord1197
ord665
ord1971
ord6381
ord353
ord940
ord5706
ord3494
ord2507
ord355
ord2371
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3948
ord4616
ord3733
ord561
ord815
ord1115

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
??2@YAPAXI@Z
free
_wcsicmp
__CxxFrameHandler
asctime
localtime
sprintf
malloc
wcscmp
_ftol

kernel32

LocalAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
LocalFree
MultiByteToWideChar
WaitForSingleObject
WideCharToMultiByte
GetLastError

user32

SetWindowLongW
GetClientRect
GetSystemMetrics
SendMessageW
SetForegroundWindow
SetActiveWindow
EnableWindow
SetWindowPos
GetWindowLongW

Exports

Exports

Base64ToBinary
Base64ToHexString
BinaryToBase64
CMS_DecodeSginedDataGetSignerCert
CMS_DecodeSignedDataGetSignature
CMS_EncodeEnvelopedDataByCert
CMS_EncodeEnvelopedDataByCert_FileToFile
CMS_Init
Certificate_GetAttributes
Certificate_Init
CryptoFree
CryptoFreeEx
DecodeRSAP7EnvelopedData
EncodeRSAP7EnvelopedData
EncodeRSAP7SignedData
EncodeRSAP7SignedDataEx
EncodeRSAP7SignedDataExByCN
ExportCert
HexStringToBase64
HexStringToUTF8
P11_DecodeP7SignedDataVerify
P11_DecodeRsaP7EnvelopedData
P11_DecodeRsaP7EnvelopedData_FileToFile
P11_EncodeRsaP7EnvelopedData
P11_EncodeRsaP7EnvelopedDataByCert
P11_EncodeRsaP7EnvelopedData_FileToFile
P11_EncodeRsaP7SignedData
P11_ExportCert
P11_Finalize
P11_Initialize
SC_GetMOICACardID
SC_IsMOICACardPresent
UTF8ToHexString
VerifyDetachedSignedMessage
VerifySignedMessage
jrsysDigest
jrsysDigest_Final
jrsysDigest_Init
jrsysDigest_Update

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df9028a7975db10c9684c87000d0d05

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

15:5d:08:30:66:da:9c:78:00:7c:ca:07:95:c2:5b:eeCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

24:5e:e8:85:b1:e4:ef:96:93:d0:ec:48:fe:5c:b7:2c:56:d5:83:eb:d3:c5:e5:19:78:00:bf:8c:61:bf:f1:61Signer

Headers

File Characteristics

Imports

crypt32

advapi32

winscard

jrsyscryptodll

mfc42u

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

15:5d:08:30:66:da:9c:78:00:7c:ca:07:95:c2:5b:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

24:5e:e8:85:b1:e4:ef:96:93:d0:ec:48:fe:5c:b7:2c:56:d5:83:eb:d3:c5:e5:19:78:00:bf:8c:61:bf:f1:61
Signer

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB