NEAS[.]cc5a74ca9cffa778c7a1010087ec9be0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cc5a74ca9cffa778c7a1010087ec9be0_JC.exe
Size

38KB
MD5

cc5a74ca9cffa778c7a1010087ec9be0
SHA1

0e73c71789538ccc4e9c288ee1c8b254fd689a2f
SHA256

a959ce248e9c7ef39ca3917cc849011ca5c07621c9e3e3ad0efd4c67be9308c5
SHA512

0f49354e9fc3abcd25aeb1cac54b50a9d0def8fcef6cdc532371f33d4f292982a2803e7ea7854fc4c001c6395298e30b3b4242a10951c25f10c05e5393d7c4b7
SSDEEP

768:zqSvfMPAVVqtCFPmbFf4s+VnRROPbIn/HJ33gKxnVbGYJlANZ9N0EHIM:zbHktCFPmbFfl+1RREbIn/HJ33gKxngf

Score

1^/10

Malware Config

Signatures

Files

NEAS.cc5a74ca9cffa778c7a1010087ec9be0_JC.exe
.dll windows:6 windows x86

0bc53a0a983f240880e4f10ad22eb609

Code Sign

4a:53:8c:28
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/07/2009, 17:25

Not After

07/12/2030, 17:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

18/11/2022, 07:19

Not After

01/12/2025, 07:19

Subject

SERIALNUMBER=2637805-2,CN=The Qt Company Oy,O=The Qt Company Oy,L=Espoo,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:fc:11:a9:51:26:37:32:75:04:7d:28:87:ad:c1:35:9d:ec:96:2b:b4:9e:6b:dc:50:63:a3:1f:2e:a2:34:68
Signer

Actual PE Digest

45:fc:11:a9:51:26:37:32:75:04:7d:28:87:ad:c1:35:9d:ec:96:2b:b4:9e:6b:dc:50:63:a3:1f:2e:a2:34:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5gui

?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?bytesPerLine@QImage@@QBEHXZ
?constScanLine@QImage@@QBEPBEH@Z
?jumpToImage@QImageIOHandler@@UAE_NH@Z
?jumpToNextImage@QImageIOHandler@@UAE_NXZ
?scanLine@QImage@@QAEPAEH@Z
?sizeInBytes@QImage@@QBEHXZ
?constBits@QImage@@QBEPBEXZ
?bits@QImage@@QAEPAEXZ
?height@QImage@@QBEHXZ
?width@QImage@@QBEHXZ
?detach@QImage@@QAEXXZ
?isNull@QImage@@QBE_NXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
??4QImage@@QAEAAV0@ABV0@@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@HHW4Format@0@@Z
??0QImage@@QAE@XZ
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
??1QImageIOHandler@@UAE@XZ
??0QImageIOHandler@@QAE@XZ
??1QImageIOPlugin@@UAE@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
?name@QImageIOHandler@@UBE?AVQByteArray@@XZ

qt5core

??0QVariant@@QAE@_N@Z
??0QVariant@@QAE@XZ
?peek@QIODevice@@QAE_JPAD_J@Z
?read@QIODevice@@QAE?AVQByteArray@@_J@Z
??0QVariant@@QAE@ABVQSize@@@Z
??0QVariant@@QAE@$$QAV0@@Z
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?isReadable@QIODevice@@QBE_NXZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
?sharedNull@QArrayData@@SAPAU1@XZ
??0QByteArray@@QAE@XZ
??0QByteArray@@QAE@PBDH@Z
??1QByteArray@@QAE@XZ
??4QByteArray@@QAEAAV0@$$QAV0@@Z
?constData@QByteArray@@QBEPBDXZ
?append@QByteArray@@QAEAAV1@ABV1@@Z
?remove@QByteArray@@QAEAAV1@HH@Z
??0QString@@QAE@XZ
??1QString@@QAE@XZ
??1QVariant@@QAE@XZ

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle

vcruntime140

memcpy
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 115B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bc53a0a983f240880e4f10ad22eb609

Code Sign

4a:53:8c:28Certificate

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

45:fc:11:a9:51:26:37:32:75:04:7d:28:87:ad:c1:35:9d:ec:96:2b:b4:9e:6b:dc:50:63:a3:1f:2e:a2:34:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 115B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 1KB - Virtual size: 1KB

4a:53:8c:28
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

45:fc:11:a9:51:26:37:32:75:04:7d:28:87:ad:c1:35:9d:ec:96:2b:b4:9e:6b:dc:50:63:a3:1f:2e:a2:34:68
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 115B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 1KB - Virtual size: 1KB