NEAS[.]42543fb217dcd0a069c4dc7c1709e4e0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.42543fb217dcd0a069c4dc7c1709e4e0_JC.exe
Size

29KB
MD5

42543fb217dcd0a069c4dc7c1709e4e0
SHA1

6d969a171fffb9a5b40d4912a763b42cc47f6546
SHA256

3405e6d3f2886c811ee7cc9332b0b4bc7368327d97af736424b0709acd692bb2
SHA512

81c7e6aea0b635cd7121613f9dc61b2d5b6271463cbf1d30129df81850c6fe1b9dc146e7f0654b4217c14db1fb15f60f5970627d5f571c5488d7fda0420007bb
SSDEEP

384:6jaZ46urbxA7obKom5d0mhjHyOIx5ShzK7MH2KP1oNygUKLVeMT8E9VF3AM+olBT:aD6uJ8omr0mhj7+7MWk1VENAMxhJ

Score

1^/10

Malware Config

Signatures

Files

NEAS.42543fb217dcd0a069c4dc7c1709e4e0_JC.exe
.sys windows:10 windows x64

10b679e8878465a73bbbefd6c5f9a15a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/11/2013, 00:00

Not After

22/11/2014, 23:59

Subject

CN=Xinyi Electronic Technology (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Xinyi Electronic Technology (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36
Signer

Actual PE Digest

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
strstr
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlEqualUnicodeString
DbgPrint
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmCreateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoFreeMdl
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwOpenFile
ZwClose
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlCompareString
MmIsAddressValid
PsGetProcessCreateTimeQuadPart
IoRegisterDriverReinitialization
IoCreateFileEx
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsLookupThreadByThreadId
MmFlushImageSection
ObOpenObjectByPointer
ObMakeTemporaryObject
ZwDeleteFile
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQueryVirtualMemory
KeInitializeApc
KeInsertQueueApc
PsGetProcessPeb
PsSuspendProcess
PsResumeProcess
PsGetProcessWow64Process
RtlImageNtHeader
ObReferenceObjectByName
ZwQuerySystemInformation
IoFileObjectType
PsInitialSystemProcess
IoDriverObjectType
MmGetSystemRoutineAddress
IoAllocateMdl
RtlPcToFileHeader

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b679e8878465a73bbbefd6c5f9a15a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 160B

.pdata Size: 1024B - Virtual size: 516B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

48:4b:80:a0:e2:6c:94:f7:77:32:38:59:a7:9a:de:c5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

13:63:76:b7:1d:40:3e:07:3a:db:05:17:1d:59:ac:43:9b:0f:54:36
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 160B

.pdata
Size: 1024B - Virtual size: 516B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B