NEAS[.]6ed1a9b124988ae2918129f3cd05c0d0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6ed1a9b124988ae2918129f3cd05c0d0_JC.exe
Size

3.6MB
MD5

6ed1a9b124988ae2918129f3cd05c0d0
SHA1

42e2083ebc4bc1d9160d78b1e58f4a61b20853ac
SHA256

dcd26480c118ffd47f661cacbd9d50bc23671141dd41f9e66a1f4d638dec7acc
SHA512

91555814d76bc0025cdeccb968376a760e240e7afed7cec721e8483e9d37f895abd302e8d0f1e7346821be09a9ac4699e5a454cbcd8a6f9129ea905825159a27
SSDEEP

98304:+hA76O/n8jqbx6k/AZ+vPO9V2XbNVQBurPWFc:+hW/80D/AMve2aBGPT

Score

1^/10

Malware Config

Signatures

Files

NEAS.6ed1a9b124988ae2918129f3cd05c0d0_JC.exe
.exe windows:4 windows x86

a07c169c21012c8a834b84d48dfb87dd

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

15:b7:7e:a6:97:43:e1:29:7f:c6:85:18:b9:57:10:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/03/2013, 00:00

Not After

23/06/2015, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fd:1a:55:d9:2f:f9:f4:75:16:b3:9f:a1:c6:14:4c:55:bc:48:dd
Signer

Actual PE Digest

4c:fd:1a:55:d9:2f:f9:f4:75:16:b3:9f:a1:c6:14:4c:55:bc:48:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetModuleFileNameW
CloseHandle
WriteFile
SetFilePointer
FreeResource
CreateFileW
LockResource
LoadResource
SizeofResource
FindResourceW
GetLastError
MoveFileW
DeleteFileW
Sleep
GetTempPathW
GetACP
FindNextFileW
SetFileAttributesW
FindFirstFileW
TerminateProcess
GetCurrentProcess
FreeLibrary
GetDiskFreeSpaceExW
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
SetStdHandle
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
FindClose
InterlockedExchange
MultiByteToWideChar
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
HeapAlloc
GetVersionExA
ExitProcess
RtlUnwind
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

LoadCursorW
PostMessageW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
MessageBoxW
LoadIconW
RegisterClassExW
CreateWindowExW
wsprintfW

gdi32

GetStockObject

shell32

SHGetSpecialFolderPathW
ord165

ole32

CoInitialize

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveExtensionW
StrCpyNW
PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a07c169c21012c8a834b84d48dfb87dd

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

15:b7:7e:a6:97:43:e1:29:7f:c6:85:18:b9:57:10:7fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4c:fd:1a:55:d9:2f:f9:f4:75:16:b3:9f:a1:c6:14:4c:55:bc:48:ddSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

shlwapi

version

setupapi

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

15:b7:7e:a6:97:43:e1:29:7f:c6:85:18:b9:57:10:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4c:fd:1a:55:d9:2f:f9:f4:75:16:b3:9f:a1:c6:14:4c:55:bc:48:dd
Signer

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB