NEAS[.]9ef9fe00aae2d7b8a116b2beb5e52370_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9ef9fe00aae2d7b8a116b2beb5e52370_JC.exe
Size

179KB
MD5

9ef9fe00aae2d7b8a116b2beb5e52370
SHA1

91166d619a94d738856c920a5078833261ec26b6
SHA256

8cdd01a542d42174b5b15a9214e1a766dd965ef1ff9f5d8a95b3c873a15529a0
SHA512

8110b6fe025cb58b962b773a842edf9646e34a4b1be58cab0e24b8725098afe3f140db030ec33215e30e4d913caaf42e6eb26622e5775ce3aa68d9d4c0269b44
SSDEEP

3072:6YCBlXnFLHixAoVjJt0tQKFIj7HIv7q0Nn/nZIORk3tO74m:6YC7t7o3mtBIjoq0N/Zm+

Score

1^/10

Malware Config

Signatures

Files

NEAS.9ef9fe00aae2d7b8a116b2beb5e52370_JC.exe
.exe windows:6 windows x64

4acc6343a45ffc561d0fa260d16b3c8e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:1a:48:5d:b4:06:be:48:7e:de:23:62:83:b2:a2:4a:1e:73:b4:1a:43:1d:ec:25:1c:8f:69:2e:c4:26:1c:98
Signer

Actual PE Digest

1f:1a:48:5d:b4:06:be:48:7e:de:23:62:83:b2:a2:4a:1e:73:b4:1a:43:1d:ec:25:1c:8f:69:2e:c4:26:1c:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CompareStringEx
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
WaitForSingleObject
CreateEventW
SetEvent
FormatMessageW
WriteConsoleW
CreateFileW
CloseHandle
GetConsoleMode
GetConsoleOutputCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers

user32

MessageBoxW

shell32

SHChangeNotify

shlwapi

SHCreateStreamOnFileEx

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx

oleaut32

SysAllocString
SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4acc6343a45ffc561d0fa260d16b3c8e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1f:1a:48:5d:b4:06:be:48:7e:de:23:62:83:b2:a2:4a:1e:73:b4:1a:43:1d:ec:25:1c:8f:69:2e:c4:26:1c:98Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

api-ms-win-core-com-l1-1-0

oleaut32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1f:1a:48:5d:b4:06:be:48:7e:de:23:62:83:b2:a2:4a:1e:73:b4:1a:43:1d:ec:25:1c:8f:69:2e:c4:26:1c:98
Signer

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB