NEAS[.]1003e7d6d6fa2779c0ad24539dc94940_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1003e7d6d6fa2779c0ad24539dc94940_JC.exe
Size

471KB
MD5

1003e7d6d6fa2779c0ad24539dc94940
SHA1

60233d4eb825cfebde343ac3a40c5e190b1adb65
SHA256

7e530e66c1bcdcd22680817461aed5dfa8d6d9c57693bbc908d2d34c21f634c2
SHA512

2101ccea67219a5cf482c19a3221c7a31251ff892cf4920583f8f44dbf53eb29203f13d84630f7ac489711bd1ef775d1d05f647b11d2135864fa1edb8a4964ae
SSDEEP

6144:Muca9G1nYVli0xtDRA7WMXi04QKox7iZDrgbUgsk:MuhG1nqi0xtDUWIiPQn7KZk

Score

1^/10

Malware Config

Signatures

Files

NEAS.1003e7d6d6fa2779c0ad24539dc94940_JC.exe
.dll regsvr32 windows:4 windows x86

6bf4e1d416eb817e144d7bbe2cb58277

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:b8:24:ad:9b:ae:59:31:8a:cf:19:11:f7:6a:d1:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/02/2012, 00:00

Not After

28/02/2014, 23:59

Subject

CN=ABBYY PRODUCTION LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=ABBYY PRODUCTION LLC,L=MOSCOW,ST=MOSCOW,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:eb:8b:8e:59:af:1f:b7:98:22:b1:12:23:65:73:f5:6c:60:c0:c3
Signer

Actual PE Digest

94:eb:8b:8e:59:af:1f:b7:98:22:b1:12:23:65:73:f5:6c:60:c0:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
lstrcatW
HeapDestroy
lstrcpyW
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
LoadLibraryExW
GetLastError
FindResourceW
GetModuleHandleA
LocalFree
GetCurrentProcess
TlsGetValue
GetCurrentProcessId
VirtualQuery
TlsAlloc
TlsFree
FindClose
SetErrorMode
CloseHandle
SetLastError
VirtualFree
HeapCreate
HeapAlloc
GetProcessHeap
HeapFree
GlobalUnlock
GlobalLock
LoadResource
VirtualAlloc
GetSystemInfo
HeapSize
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetFileType
ReadFile
SetFilePointer
GetStdHandle
WriteFile
GetACP
IsValidLocale
GetSystemDefaultLangID
GetOEMCP
GetFileSize
FlushFileBuffers
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
RtlUnwind
RaiseException
IsBadReadPtr
GetCurrentThreadId
GetCommandLineA
GetVersionExA
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetStringTypeA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
VirtualProtect
LCMapStringA
GetTimeZoneInformation
InterlockedExchange
IsBadCodePtr
SetStdHandle
CompareStringA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
SizeofResource
lstrlenA
FreeLibrary
lstrcpynW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
InterlockedDecrement
TlsSetValue
InterlockedIncrement

user32

GetLastActivePopup
IsWindowVisible
MessageBoxA
GetSysColor
GetWindow
GetParent
GetDesktopWindow
IsWindowEnabled
ReleaseDC
GetDC
SetTimer
KillTimer
CreateMenu
InsertMenuItemW
GetSysColorBrush
CharNextW
SetClipboardData
OpenClipboard
GetIconInfo
InsertMenuW
SystemParametersInfoW
FillRect
DrawTextW
GetSystemMetrics
LoadBitmapW
CloseClipboard

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW

ole32

CLSIDFromString
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CLSIDFromProgID

oleaut32

SafeArrayPutElement
SafeArrayGetDim
SafeArrayCreate
OleCreatePictureIndirect
CreateErrorInfo
SysFreeString
VariantClear
VarUI4FromStr
GetErrorInfo
LoadRegTypeLi
SysStringLen
VariantCopy
VariantInit
DispCallFunc
SysAllocString
LoadTypeLi
RegisterTypeLi
SetErrorInfo
SysAllocStringByteLen
SysStringByteLen

gdi32

SelectClipRgn
DeleteObject
CreateRectRgn
GetClipRgn
SetTextColor
SetBkColor
SetBkMode
GetObjectW
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
SelectObject
CreateRectRgnIndirect

shell32

SHGetSpecialFolderLocation
DragQueryFileW

comctl32

ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Create
ImageList_Add
ImageList_Destroy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterExtension
__FineObjUsed

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bf4e1d416eb817e144d7bbe2cb58277

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:b8:24:ad:9b:ae:59:31:8a:cf:19:11:f7:6a:d1:55Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

94:eb:8b:8e:59:af:1f:b7:98:22:b1:12:23:65:73:f5:6c:60:c0:c3Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

gdi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 317KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 44KB - Virtual size: 40KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:b8:24:ad:9b:ae:59:31:8a:cf:19:11:f7:6a:d1:55
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

94:eb:8b:8e:59:af:1f:b7:98:22:b1:12:23:65:73:f5:6c:60:c0:c3
Signer

.text
Size: 320KB - Virtual size: 317KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 44KB - Virtual size: 40KB