NEAS[.]9cabca2fbb74f05783f9e454f397a380_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9cabca2fbb74f05783f9e454f397a380_JC.exe
Size

1.8MB
MD5

9cabca2fbb74f05783f9e454f397a380
SHA1

247fbc6df9d2d80b946e1e211ba4a6c4a127a298
SHA256

197178379fc49267ece267caccc1544ff2d73874d979af8ab6748eec115068a7
SHA512

c3ff498b591b000f31b95e3da6f81c44b577b9e5d9712e4bb7715cd25aba372326a2eb2f63771c780ea4611237d49b709ae87f668e5b6f85959e05261b13a4b8
SSDEEP

49152:3tQytoClKqWOQQ8IWIkTBHlAIVt62mCEWIY:uytoCkAVfWzuIVt62roY

Score

1^/10

Malware Config

Signatures

Files

NEAS.9cabca2fbb74f05783f9e454f397a380_JC.exe
.dll windows:5 windows x86

3667e472bbc57ef9971ee1617afd61ad

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:57:15:fc:23:ba:7c:56:0c:c9:68:b5:ea:ac:39:be:e7:e2:1a:17:44:cd:61:49:0e:ec:23:2e:7d:3a:5e:5e
Signer

Actual PE Digest

49:57:15:fc:23:ba:7c:56:0c:c9:68:b5:ea:ac:39:be:e7:e2:1a:17:44:cd:61:49:0e:ec:23:2e:7d:3a:5e:5e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

CoInternetGetSecurityUrl

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
DeleteTimerQueueTimer
IsProcessorFeaturePresent
WaitForMultipleObjectsEx
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
LoadLibraryA

winspool.drv

SetPortW

oleaut32

LoadTypeLibEx
GetErrorInfo

ole32

HDC_UserSize

shlwapi

PathRemoveBackslashA
StrRStrIA

msvcrt

putc
wprintf

advapi32

AreAnyAccessesGranted
ReadEventLogW

user32

GetAncestor
EnumDesktopsW
GetLastActivePopup
IsCharAlphaNumericA
DeregisterShellHookWindow

Exports

Exports

MlHleewehee

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vNe=w
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3667e472bbc57ef9971ee1617afd61ad

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

49:57:15:fc:23:ba:7c:56:0c:c9:68:b5:ea:ac:39:be:e7:e2:1a:17:44:cd:61:49:0e:ec:23:2e:7d:3a:5e:5eSigner

Headers

File Characteristics

Imports

urlmon

kernel32

winspool.drv

oleaut32

ole32

shlwapi

msvcrt

advapi32

user32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 112KB - Virtual size: 111KB

.qdata Size: 92KB - Virtual size: 90KB

vNe=w Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 28KB - Virtual size: 24KB

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

49:57:15:fc:23:ba:7c:56:0c:c9:68:b5:ea:ac:39:be:e7:e2:1a:17:44:cd:61:49:0e:ec:23:2e:7d:3a:5e:5e
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 112KB - Virtual size: 111KB

.qdata
Size: 92KB - Virtual size: 90KB

vNe=w
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 28KB - Virtual size: 24KB