NEAS[.]1cbda4bc73281d45d3a8133fd0c57c90_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1cbda4bc73281d45d3a8133fd0c57c90_JC.exe
Size

2.2MB
MD5

1cbda4bc73281d45d3a8133fd0c57c90
SHA1

5dbf16d8501e3268ea854a4c433ddfeb9b22f910
SHA256

50f0c0d31256db2f0e5c4558c94f003d724f65600b6e30470d413dcedc83158f
SHA512

16356291aa3ca14fc0c7b510f7a7383caf0371a61ac8947048c105185705ef6419e57a0395cbb4fc36783fe618e436ecb6961bcdadfa2c45593d440957ea79bf
SSDEEP

49152:ywBGawOPWEU/wvsFL4LCVlOgGAY9I3veUeWIWPsCGXS:hYaCmCVlbYaWWX

Score

1^/10

Malware Config

Signatures

Files

NEAS.1cbda4bc73281d45d3a8133fd0c57c90_JC.exe
.dll windows:5 windows x64

c2650aa3be10f217549acacd73f6f4f3

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:51:cc:b1:dc:3f:36:ba:74:b2:59:94:70:6e:8f:61:49:53:f0:58
Signer

Actual PE Digest

5f:51:cc:b1:dc:3f:36:ba:74:b2:59:94:70:6e:8f:61:49:53:f0:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcr80

tan
tanh
sinh
fmod
exp
cosh
fmodf
ceil
_fpclass
isspace
_clearfp
strchr
cos
sin
pow
atan2
asin
acos
atan
sqrt
floor
log
qsort
memmove
atoi
toupper
isxdigit
isalpha
isalnum
isdigit
tolower
atof
setlocale
_strdup
_vsnprintf
_stricmp
atan2f
acosf
sqrtf
cosf
sinf
_copysign
_recalloc
calloc
_resetstkoflw
malloc
_wcsicmp
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
modf
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
wcsncpy_s
_purecall
_vsnwprintf
_finite
_isnan
_wtoi
floorf
ceilf
logf
_initterm
__crt_debugger_hook
memcmp
memcpy
memset

ntdll

DbgPrompt
RtlCaptureContext
RtlSetBits
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
DbgPrintEx
RtlClearBits
RtlFindClearBitsAndSet
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
RtlCopyMemory
DbgBreakPoint
RtlInterlockedFlushSList
RtlInitializeBitMap

advapi32

RegQueryValueExA
RegOpenKeyA
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateLocallyUniqueId
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
InitializeSListHead
InterlockedPushEntrySList
GetTickCount
GetCurrentThreadId
TryEnterCriticalSection
MulDiv
FindResourceW
LoadResource
LockResource
GlobalUnlock
QueryDepthSList
InterlockedFlushSList
UnmapViewOfFile
GetSystemInfo
GetVersionExW
SleepEx
RtlCaptureStackBackTrace
ExitProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TerminateThread
GetCurrentThread
LocalAlloc
Sleep
DuplicateHandle
SetThreadPriority
CreateThread
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
GetCurrentProcessId
GetModuleHandleW
FindClose
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
GetLastError
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
LoadLibraryW
OutputDebugStringW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RtlZeroMemory
RaiseException
CreateFileMappingW
FindFirstFileW
RtlMoveMemory
VirtualAlloc
VirtualFree
CreateFileW
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
VirtualProtect
SizeofResource
OutputDebugStringA
GetVersionExA
GetModuleHandleA
LoadLibraryA
TerminateProcess
lstrcmpiA
WideCharToMultiByte
GetFullPathNameA
InitializeCriticalSection
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemDirectoryW

gdi32

CreateDCW
SetLayout
SelectPalette
RealizePalette
CreateCompatibleBitmap
CreatePalette
GetSystemPaletteEntries
GetRegionData
GetDIBits
CreateCompatibleDC
RectInRegion
CombineRgn
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteObject
BitBlt
DrawEscape
GdiEntry13
DeleteDC
GetDeviceCaps
CreateICW

user32

SetRect
UpdateLayeredWindow
PostMessageW
IsWindow
InvalidateRect
GetDC
ReleaseDC
GetClientRect
ClientToScreen
SystemParametersInfoW
GetMonitorInfoW
SetLayeredWindowAttributes
OffsetRect
GetWindowDC
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
RegisterWindowMessageW
IntersectRect
IsRectEmpty
EqualRect
EnumDisplayDevicesW
EnumDisplayMonitors
GetGuiResources
EnumDisplaySettingsW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
PropVariantClear
PropVariantCopy
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
VariantChangeType

Exports

Exports

IMILBitmapEffectConnector_IsConnected
IMILBitmapEffectInputConnector_ConnectTo
IMILBitmapEffectInputConnector_GetConnection
IMILBitmapEffectOutputConnector_GetConnection
IMILBitmapEffectOutputConnector_GetNumberConnections
IMILBitmapEffectRenderContext_GetFinalTransform
IMILBitmapEffectRenderContext_GetOutputDPI
IMILBitmapEffectRenderContext_GetOutputPixelFormat
IMILBitmapEffectRenderContext_SetInitialTransform
IMILBitmapEffectRenderContext_SetOutputDPI
IMILBitmapEffectRenderContext_SetOutputPixelFormat
IMILBitmapEffectRenderContext_SetRegionOfInterest
IMILBitmapEffectRenderContext_SetUseSoftwareRenderer
IMILBitmapEffect_GetOutput
IMILBitmapEffect_GetParentEffect
IMILBitmapEffect_IMILBitmapEffectConnectionsInfo_GetNumberInputs
IMILBitmapEffect_IMILBitmapEffectConnectionsInfo_GetNumberOutputs
IMILBitmapEffect_IMILBitmapEffectConnections_GetInputConnector
IMILBitmapEffect_IMILBitmapEffectConnections_GetOutputConnector
IMILBitmapEffect_IMILBitmapEffectGroup_Add
IMILBitmapEffect_IMILBitmapEffectGroup_GetInteriorInputConnector
IMILBitmapEffect_IMILBitmapEffectGroup_GetInteriorOutputConnector
IMILBitmapEffect_IMILBitmapEffectPrimitive_GetAffineMatrix
IMILBitmapEffect_IMILBitmapEffectPrimitive_HasAffineTransform
IMILBitmapEffect_IMILBitmapEffectPrimitive_HasInverseTransform
IMILBitmapEffect_IMILBitmapEffectPrimitive_SetValue
IMILBitmapEffect_IMILBitmapEffectPrimitive_TransformPoint
IMILBitmapEffect_IMILBitmapEffectPrimitive_TransformRect
IMILBitmapEffect_SetInputSource
InteropDeviceBitmap_AddDirtyRect
InteropDeviceBitmap_Create
InteropDeviceBitmap_Detach
InteropDeviceBitmap_GetAsSoftwareBitmap
MIL3DCalcBrushToIdealSampleSpace
MIL3DCalcProjected2DBounds
MILAddRef
MILCreateBitmapEffectOuterPublic
MILCreateEventProxy
MILCreateFactory
MILCreateStreamFromStreamDescriptor
MILFactoryCreateBitmapEffect
MILFactoryCreateBitmapEffectContext
MILFactoryCreateBitmapEffectOuter
MILFactoryCreateBitmapRenderTarget
MILFactoryCreateMediaPlayer
MILFactoryCreateSWRenderTargetForBitmap
MILIStreamWrite
MILInitializeBitmapEffectPublic
MILLoadResource
MILMediaCanPause
MILMediaClose
MILMediaGetBufferingProgress
MILMediaGetDownloadProgress
MILMediaGetMediaLength
MILMediaGetNaturalHeight
MILMediaGetNaturalWidth
MILMediaGetPosition
MILMediaHasAudio
MILMediaHasVideo
MILMediaIsBuffering
MILMediaNeedUIFrameUpdate
MILMediaOpen
MILMediaProcessExitHandler
MILMediaSetBalance
MILMediaSetIsScrubbingEnabled
MILMediaSetPosition
MILMediaSetRate
MILMediaSetVolume
MILMediaShutdown
MILMediaStop
MILQueryInterface
MILRelease
MILRenderTargetBitmapClear
MILRenderTargetBitmapGetBitmap
MILStreamNotifyReadComplete
MILSwDoubleBufferedBitmapAddDirtyRect
MILSwDoubleBufferedBitmapCreate
MILSwDoubleBufferedBitmapGetBackBuffer
MILSwDoubleBufferedBitmapProtectBackBuffer
MILUpdateSystemParametersInfo
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CommitChannel
MilChannel_EndCommand
MilChannel_GetMarshalType
MilChannel_SendSyncCommand
MilChannel_SetNotificationWindow
MilChannel_SetReceiveBroadcastMessages
MilCompositionEngine_DeinitializePartitionManager
MilCompositionEngine_EnterCompositionEngineLock
MilCompositionEngine_ExitCompositionEngineLock
MilCompositionEngine_GetComposedEventId
MilCompositionEngine_InitializePartitionManager
MilCompositionEngine_UpdateSchedulerSettings
MilComposition_PeekNextMessage
MilComposition_SyncFlush
MilComposition_WaitForNextMessage
MilConnection_CreateChannel
MilConnection_DestroyChannel
MilContent_AttachToHwnd
MilContent_DetachFromHwnd
MilCreateReversePInvokeWrapper
MilGlyphCache_AppendCommandDataAtRenderTime
MilGlyphCache_BeginCommandAtRenderTime
MilGlyphCache_EndCommandAtRenderTime
MilGlyphRun_SetGeometryAtRenderTime
MilPlayer_Create
MilPlayer_Process
MilReleasePInvokePtrBlocking
MilResource_CreateOrAddRefOnChannel
MilResource_DuplicateHandle
MilResource_GetRefCountOnChannel
MilResource_ReleaseOnChannel
MilResource_SendCommand
MilResource_SendCommandBitmapSource
MilResource_SendCommandMedia
MilSyncPacketTransport_Create
MilSyncPacketTransport_Present
MilTransport_AddRef
MilTransport_Create
MilTransport_CreateFromPacketTransport
MilTransport_CreateTransportParameters
MilTransport_DisconnectTransport
MilTransport_Release
MilUtility_ArcToBezier
MilUtility_CopyPixelBuffer
MilUtility_GeometryGetArea
MilUtility_GetPointAtLengthFraction
MilUtility_GetTileBrushMapping
MilUtility_PathGeometryBounds
MilUtility_PathGeometryCombine
MilUtility_PathGeometryFlatten
MilUtility_PathGeometryHitTest
MilUtility_PathGeometryHitTestPathGeometry
MilUtility_PathGeometryOutline
MilUtility_PathGeometryWiden
MilUtility_PolygonBounds
MilUtility_PolygonHitTest
MilVersionCheck
MilVisualTarget_AttachToHwnd
MilVisualTarget_DetachFromHwnd
SetMilPerfInstrumentationFlags

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2650aa3be10f217549acacd73f6f4f3

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

5f:51:cc:b1:dc:3f:36:ba:74:b2:59:94:70:6e:8f:61:49:53:f0:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

ntdll

advapi32

kernel32

gdi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 238KB - Virtual size: 238KB

.data Size: 44KB - Virtual size: 109KB

.pdata Size: 69KB - Virtual size: 68KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 25KB - Virtual size: 25KB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

5f:51:cc:b1:dc:3f:36:ba:74:b2:59:94:70:6e:8f:61:49:53:f0:58
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 238KB - Virtual size: 238KB

.data
Size: 44KB - Virtual size: 109KB

.pdata
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 25KB - Virtual size: 25KB