NEAS[.]9fec9008c047dd2f8076d75a8365cef0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9fec9008c047dd2f8076d75a8365cef0_JC.exe
Size

608KB
MD5

9fec9008c047dd2f8076d75a8365cef0
SHA1

1ad56889011e81b7bdd38b58e0b041aec71afa99
SHA256

712dcefd33d9cb4ab856a9f2298d908ae940b46147bb930bd5c9866acd3bdb40
SHA512

f490cad6b5779b8205888b4e97dee09d3e7099e57fd685a2370206a4046835a8983102f7f32c6d76da0b7dc9bdb8c130217f0de2540f3418918c14c55e7e237c
SSDEEP

12288:tmFeBFrg6at9pyO+fcJ2reLFjL4A/ran:QeBFrg6OyO+fu2i4A/C

Score

1^/10

Malware Config

Signatures

Files

NEAS.9fec9008c047dd2f8076d75a8365cef0_JC.exe
.dll regsvr32 windows:5 windows x64

a06b53910176a2e63d1871ecb16fc5d3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/09/2009, 00:00

Not After

03/09/2012, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:af:6d:e5:c2:85:50:ff:8c:30:1e:eb:02:1e:c7:2c:fc:cd:27:b5
Signer

Actual PE Digest

84:af:6d:e5:c2:85:50:ff:8c:30:1e:eb:02:1e:c7:2c:fc:cd:27:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
InitializeCriticalSection
MultiByteToWideChar
GetTickCount
GetLocalTime
CreateThread
ExitThread
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
TerminateThread
lstrlenA
DeleteCriticalSection
lstrlenW
GetProcessHeap
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeA
FlushFileBuffers
SetFilePointer
ReadFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ResetEvent
SetEvent
LoadLibraryW
Sleep
CreateEventW
WaitForSingleObject
CloseHandle
LocalFree
LocalAlloc
GetFileSize
CreateFileW
OutputDebugStringW
MoveFileW
DeleteFileW
GetCurrentThreadId
GetCurrentProcessId
FreeResource
LockResource
CreateSemaphoreW
ReleaseSemaphore
WideCharToMultiByte
HeapAlloc
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsSetValue
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapReAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA

user32

MsgWaitForMultipleObjects
DispatchMessageW
PostQuitMessage
CharNextW
PeekMessageW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
InitializeSecurityDescriptor

ole32

CoTaskMemFree
CoFreeUnusedLibrariesEx
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
StringFromIID
StringFromCLSID
StringFromGUID2
CoGetClassObject
CoTaskMemRealloc
PropVariantClear

oleaut32

RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
VarBstrCat
SysStringByteLen
SysAllocStringByteLen

wiaservc

wiasCreateDrvItem
wiasGetDrvItem
wiasGetItemType
wiasReadPropGuid
wiasReadPropLong
wiasReadPropStr
wiasReadMultiple
wiasWritePropLong
wiasWritePropStr
wiasGetChangedValueLong
wiasGetImageInformation
wiasGetRootItem
wiasSetPropChanged
wiasSetValidRangeLong
wiasUpdateValidFormat
wiasValidateItemProperties
wiasSetItemPropAttribs
wiasWriteMultiple
wiasSetItemPropNames
wiasFreePropContext
wiasCreatePropContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TulipLog
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a06b53910176a2e63d1871ecb16fc5d3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0cCertificate

Extended Key Usages

Key Usages

84:af:6d:e5:c2:85:50:ff:8c:30:1e:eb:02:1e:c7:2c:fc:cd:27:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wiaservc

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 24KB - Virtual size: 24KB

TulipLog Size: 512B - Virtual size: 8B

text Size: 1024B - Virtual size: 664B

data Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0c
Certificate

84:af:6d:e5:c2:85:50:ff:8c:30:1e:eb:02:1e:c7:2c:fc:cd:27:b5
Signer

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 24KB - Virtual size: 24KB

TulipLog
Size: 512B - Virtual size: 8B

text
Size: 1024B - Virtual size: 664B

data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB