NEAS[.]c824868b72b7a646f690a8faf48f33f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c824868b72b7a646f690a8faf48f33f0_JC.exe
Size

509KB
MD5

c824868b72b7a646f690a8faf48f33f0
SHA1

77c6213b75756438f5092d080da11cbdd7e2f3aa
SHA256

fddd186bec08130adbf838dc84fb647714087b7407f9fcafac42e7dd2129ec2d
SHA512

14436a28b73509f1bd62c86430fd51e0d7f7d6337e8379f5f97cd33c986123d43c3d22d74dc107c9714e5f51d3485c5227e18a8fa1f8a601712fd6adae645167
SSDEEP

12288:OwpOcVSCLnMgfg/wM8HH5SF9ZxfEBjvrEH74:ROctT89cH5e9ZxfurEH74

Score

1^/10

Malware Config

Signatures

Files

NEAS.c824868b72b7a646f690a8faf48f33f0_JC.exe
.exe windows:6 windows x86

4aaf83b49b2cc01309a543425b442ab5

Code Sign

1b:7f:cd:59:4d:19:2c:3e:a8:5c:8a:7a:a6:4f:de:8c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

06/02/2021, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Ohta-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:63:23:8c:6b:7a:dd:10:f6:c6:a2:fd:cf:81:31:3b:54:b6:d4:f8:05:ed:d1:25:54:53:c9:b2:7f:87:4a:43
Signer

Actual PE Digest

37:63:23:8c:6b:7a:dd:10:f6:c6:a2:fd:cf:81:31:3b:54:b6:d4:f8:05:ed:d1:25:54:53:c9:b2:7f:87:4a:43

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathQuoteSpacesW
PathAppendW
PathIsDirectoryW
PathFileExistsW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

lstrcmpiW
lstrcpyW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
GetLocalTime
SetEvent
GetSystemDefaultLangID
GetModuleFileNameW
Sleep
GetVersionExW
GetSystemDefaultLCID
lstrcmpW
LocalFree
GetFileAttributesW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
OpenProcess
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetLastError
CreateMutexW
CloseHandle
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
SetLastError
lstrlenW
GlobalFree
GlobalAlloc
SetStdHandle
HeapSize
GetConsoleCP
CreateFileW
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateEventW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap

user32

CharLowerW

winspool.drv

OpenPrinterW
EnumPrintersW
XcvDataW
GetPrinterDriverW
ClosePrinter

advapi32

RegisterServiceCtrlHandlerExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
DeleteService
QueryServiceStatus
ControlService
StartServiceW
ChangeServiceConfig2W
CreateServiceW
SetServiceStatus
UnlockServiceDatabase
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
LockServiceDatabase
OpenSCManagerW
StartServiceCtrlDispatcherW
RegOpenKeyW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aaf83b49b2cc01309a543425b442ab5

Code Sign

1b:7f:cd:59:4d:19:2c:3e:a8:5c:8a:7a:a6:4f:de:8cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

37:63:23:8c:6b:7a:dd:10:f6:c6:a2:fd:cf:81:31:3b:54:b6:d4:f8:05:ed:d1:25:54:53:c9:b2:7f:87:4a:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

winspool.drv

advapi32

shell32

ole32

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 5KB - Virtual size: 11KB

.gfids Size: 1024B - Virtual size: 784B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

1b:7f:cd:59:4d:19:2c:3e:a8:5c:8a:7a:a6:4f:de:8c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

37:63:23:8c:6b:7a:dd:10:f6:c6:a2:fd:cf:81:31:3b:54:b6:d4:f8:05:ed:d1:25:54:53:c9:b2:7f:87:4a:43
Signer

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 5KB - Virtual size: 11KB

.gfids
Size: 1024B - Virtual size: 784B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB