NEAS[.]f1aed879dabc8f3642541da64340c470_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f1aed879dabc8f3642541da64340c470_JC.exe
Size

2.3MB
MD5

f1aed879dabc8f3642541da64340c470
SHA1

eef93346f3ccae8b8714c280f70e448d75a08639
SHA256

273c08356e5c3c70af45d4adeb8e134211227ca4cd298ae489fb4d3116011fe2
SHA512

fe6eced0cebedf8014a4a6b838fc4c6543f0d66a97001a5c4eac44bd5f57685dc122d01a3c2c8e8907745a0f77e784d2de819665de502e22aae05a827edafdd5
SSDEEP

24576:g+KpProIzkQFw8ZO7AX6EvjC6hhPmr09h5Xb7k+Tx0P4MW/DNW+ogs2DwSXYvnEb:IzJs+VPevZ8gdWmaGoYjzjUjNGBC

Score

1^/10

Malware Config

Signatures

Files

NEAS.f1aed879dabc8f3642541da64340c470_JC.exe
.exe windows:6 windows x86

6f7a6e9ccda4bdb7e1fbc26cb5ad4f41

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:5c:60:79:ac:fe:16:1b:64:10:8a:61:be:c8:54:11:eb:ba:bd:c2:f0:d3:87:11:b2:9d:f4:ed:6f:29:9e:c3
Signer

Actual PE Digest

ca:5c:60:79:ac:fe:16:1b:64:10:8a:61:be:c8:54:11:eb:ba:bd:c2:f0:d3:87:11:b2:9d:f4:ed:6f:29:9e:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
__WSAFDIsSet
WSAGetLastError
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
freeaddrinfo
getaddrinfo
ntohs
sendto
recvfrom
getsockopt
WSASetLastError
send
closesocket
recv
setsockopt
select

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

bcrypt

BCryptGenRandom

kernel32

GetCurrentDirectoryW
GetFileSizeEx
GetFullPathNameW
GetFileAttributesExW
SetEndOfFile
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapReAlloc
SetFileAttributesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetFilePointerEx
SwitchToFiber
FlushFileBuffers
SetStdHandle
CloseHandle
GetLastError
PeekNamedPipe
Sleep
ExitProcess
CreateThread
TerminateThread
GetStdHandle
DeleteFileW
GetFileAttributesW
ReadFile
WriteFile
GetProcessTimes
GetCurrentProcessId
OpenProcess
GetSystemTime
MoveFileW
SystemTimeToFileTime
MultiByteToWideChar
PeekConsoleInputW
GetCommandLineW
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetConsoleOutputCP
SetConsoleOutputCP
SetLastError
GetFileType
GetModuleHandleW
GetProcAddress
FormatMessageW
DecodePointer
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FindClose
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LCMapStringW
RtlUnwind
LoadLibraryExW
EncodePointer
RaiseException
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetModuleFileNameW
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f7a6e9ccda4bdb7e1fbc26cb5ad4f41

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ca:5c:60:79:ac:fe:16:1b:64:10:8a:61:be:c8:54:11:eb:ba:bd:c2:f0:d3:87:11:b2:9d:f4:ed:6f:29:9e:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

user32

bcrypt

kernel32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 454KB - Virtual size: 454KB

.data Size: 41KB - Virtual size: 53KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 73KB - Virtual size: 73KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ca:5c:60:79:ac:fe:16:1b:64:10:8a:61:be:c8:54:11:eb:ba:bd:c2:f0:d3:87:11:b2:9d:f4:ed:6f:29:9e:c3
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 454KB - Virtual size: 454KB

.data
Size: 41KB - Virtual size: 53KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 73KB - Virtual size: 73KB