NEAS[.]4be537990ad0040e4ca64aa66a7fe7f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4be537990ad0040e4ca64aa66a7fe7f0_JC.exe
Size

248KB
MD5

4be537990ad0040e4ca64aa66a7fe7f0
SHA1

c6b3b86f5747e58b2839336a3ed0700f654a0b73
SHA256

fcc9879c5a345d3efd6aca5d465cff119dbeeeabf6c45235300761656dc94379
SHA512

57c883d22a93ff2d1b7159c01da2d9f7dbd5636499caec15b11f1e72b39489419895a89c0b0d8db3b8eb6cfdc3bb7e732eeaaca65fc717f98cfff23732532349
SSDEEP

6144:xk1eNshhrZahVbNzD3kXVqpV+x9YpY9Fq4f5jgGx5:xk9ZahVm0pseoxjB

Score

1^/10

Malware Config

Signatures

Files

NEAS.4be537990ad0040e4ca64aa66a7fe7f0_JC.exe
.exe windows:4 windows x86

e3d6498467eb01cfd1939a8c963aa374

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:3a:77:f9:74:03:d5:80:dc:56:9d:55:50:4b:d5:71:c7:07:b3:f1
Signer

Actual PE Digest

59:3a:77:f9:74:03:d5:80:dc:56:9d:55:50:4b:d5:71:c7:07:b3:f1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
VirtualAlloc
CreateNamedPipeW
GetUserDefaultLangID
GetProcessHeap
GetThreadLocale
GetTempFileNameA
OpenSemaphoreA
lstrcmpiW
GetEnvironmentVariableW
CreateThread
GetFullPathNameA
CopyFileExW
EnumTimeFormatsW
IsBadReadPtr
OpenWaitableTimerW
GetEnvironmentStringsA
WaitForSingleObject
DisconnectNamedPipe
GetDiskFreeSpaceA
FatalAppExitW
GetWindowsDirectoryA
EnumDateFormatsW
EnumDateFormatsA
CopyFileExA
GetTempPathW
GetVersionExA
GetSystemDefaultLangID
GetVersion
FindAtomW
GetEnvironmentVariableA
GetFileType
ExpandEnvironmentStringsW
AddAtomA
LocalAlloc
ReplaceFileA
GetProcessHeaps
CreateFileMappingA
GetSystemTime
lstrcpynW
LocalFree
lstrcatW
ExitProcess
GetNumberFormatW
CreateEventA
DeleteAtom
FreeLibrary
IsValidCodePage
MulDiv
EnumCalendarInfoA

user32

ArrangeIconicWindows
CheckDlgButton
SetWindowTextA
GetMenuStringW
CloseWindow
LoadMenuIndirectW
GetForegroundWindow
GetClassInfoExW
GetWindowLongA
CallWindowProcW
GetDC
SetCursor
IsMenu
wsprintfA
SetWindowPos
CheckMenuRadioItem
SetForegroundWindow
MessageBeep
RegisterClassW
SetCapture
TrackPopupMenu
LoadCursorW
GetDlgItemTextA
GetMessageA
AppendMenuA
IsWindow
LoadCursorA
CreateDialogIndirectParamW
LoadIconA
DefDlgProcA
InsertMenuW
GetClassInfoW
CallWindowProcA
GetClassInfoExA
SetWindowLongW
IsChild
GetMenuItemID
wvsprintfW
GetDC
CopyIcon
GetAsyncKeyState
GetCursorPos
CreateWindowExW
DestroyMenu
GetDlgItemTextW
wsprintfW

gdi32

GetGraphicsMode
SetMapperFlags
SelectClipRgn
GetPolyFillMode
UpdateColors
SetBitmapDimensionEx
EndPath
CreateBrushIndirect
GdiGetBatchLimit
StrokeAndFillPath
Arc
SetColorSpace
SetArcDirection
SetViewportExtEx
GetMetaFileA
CreateCompatibleDC
DeleteMetaFile

advapi32

RegOpenKeyA
RegDeleteValueW
RegQueryInfoKeyA
RegReplaceKeyA
ConvertSidToStringSidW
RegOpenKeyExA

shell32

SHGetDiskFreeSpaceExA
StrCmpNIA
StrStrIW
ExtractIconExA
StrStrW
DuplicateIcon

comdlg32

PrintDlgExW
ReplaceTextW
PrintDlgExA
ChooseFontA

urlmon

HlinkGoBack

crypt32

CryptMsgOpenToDecode

Sections

.dIjpP
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GMd
Size: 1KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pUltCa
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yN
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WKF
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PD
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 512B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mor
Size: 2KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3d6498467eb01cfd1939a8c963aa374

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

59:3a:77:f9:74:03:d5:80:dc:56:9d:55:50:4b:d5:71:c7:07:b3:f1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

urlmon

crypt32

Sections

.dIjpP Size: 10KB - Virtual size: 12KB

.GMd Size: 1KB - Virtual size: 22KB

.pUltCa Size: 4KB - Virtual size: 3KB

.yN Size: 1024B - Virtual size: 3KB

.WKF Size: 1024B - Virtual size: 7KB

.X Size: 1024B - Virtual size: 38KB

.PD Size: 4KB - Virtual size: 5KB

.Y Size: 512B - Virtual size: 37KB

.rsrc Size: 213KB - Virtual size: 213KB

.mor Size: 2KB - Virtual size: 56KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

59:3a:77:f9:74:03:d5:80:dc:56:9d:55:50:4b:d5:71:c7:07:b3:f1
Signer

.dIjpP
Size: 10KB - Virtual size: 12KB

.GMd
Size: 1KB - Virtual size: 22KB

.pUltCa
Size: 4KB - Virtual size: 3KB

.yN
Size: 1024B - Virtual size: 3KB

.WKF
Size: 1024B - Virtual size: 7KB

.X
Size: 1024B - Virtual size: 38KB

.PD
Size: 4KB - Virtual size: 5KB

.Y
Size: 512B - Virtual size: 37KB

.rsrc
Size: 213KB - Virtual size: 213KB

.mor
Size: 2KB - Virtual size: 56KB