NEAS[.]d6ea38bb2926d21dacd60a66ce808630_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d6ea38bb2926d21dacd60a66ce808630_JC.exe
Size

121KB
MD5

d6ea38bb2926d21dacd60a66ce808630
SHA1

21c9cc949a55e59c60674850ff3180400f369834
SHA256

402b8fb0b63730d756a879e1988a14000aaad3322550e519a70f8cace326821b
SHA512

909f125db323468c11dbd9ae502594ffa2de71f3a201e82518581017899540f27527272e6def7fa943c6ff81a0d33cf92351b2b8a814103e0a0e8be89b51653d
SSDEEP

1536:f4rtyajpjtj0Wnn/9HjgjSjRjVoL5wjNNdOn7uVYfMWup7wSbgWp/TZXXrLCAamv:w8UNmn7u7e/WBT5Mfc7OB7ymk

Score

1^/10

Malware Config

Signatures

Files

NEAS.d6ea38bb2926d21dacd60a66ce808630_JC.exe
.dll regsvr32 windows:6 windows x86

c48693f2adcfa19ef75e8bf74c300086

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:c8:ee:3a:4c:be:ec:46:9f:88:91:cc:67:16:fb:c8:90:d5:24:ef:a8:78:97:4c:53:12:0d:49:99:53:52:59
Signer

Actual PE Digest

0a:c8:ee:3a:4c:be:ec:46:9f:88:91:cc:67:16:fb:c8:90:d5:24:ef:a8:78:97:4c:53:12:0d:49:99:53:52:59

Digest Algorithm

sha256

PE Digest Matches

true

3f:89:83:1f:e2:c2:3f:0d:69:ea:97:7e:c3:be:36:3f:48:d6:b9:f0
Signer

Actual PE Digest

3f:89:83:1f:e2:c2:3f:0d:69:ea:97:7e:c3:be:36:3f:48:d6:b9:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharNextA

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromString

shlwapi

PathIsRootW
PathIsURLW
PathIsRelativeW
PathStripToRootW

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RaiseException
FindResourceA
lstrcmpW
FreeLibrary
GetProcAddress
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
GetLastError
OutputDebugStringW
GetModuleFileNameA
DeleteCriticalSection
DisableThreadLibraryCalls
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSectionEx
CloseHandle
GetModuleFileNameW
SetEvent
GetFullPathNameW
GetCurrentDirectoryW
ResetEvent
LoadLibraryExA
InitializeCriticalSection

advapi32

RegSetValueExA
RegQueryInfoKeyW
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA

oleaut32

SysAllocString
SysFreeString
LoadRegTypeLi
VarBstrCat
SysStringLen
SysAllocStringLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
SafeArrayRedim
VarUI4FromStr
VariantClear

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memset
__std_type_info_destroy_list
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__std_terminate
memmove
strchr
wcschr
strrchr
wcsstr
strstr
_purecall
wcsrchr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
memcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strcat_s
strcpy_s
strncpy_s
wcsnlen
wmemcpy_s
strnlen
isupper
isxdigit
iswspace
_strdup
strncmp
isalnum
isspace
isdigit

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_resetstkoflw
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
terminate

api-ms-win-crt-heap-l1-1-0

_recalloc
_callnewh
free
malloc

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c48693f2adcfa19ef75e8bf74c300086

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6fCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

0a:c8:ee:3a:4c:be:ec:46:9f:88:91:cc:67:16:fb:c8:90:d5:24:ef:a8:78:97:4c:53:12:0d:49:99:53:52:59Signer

3f:89:83:1f:e2:c2:3f:0d:69:ea:97:7e:c3:be:36:3f:48:d6:b9:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

shlwapi

kernel32

advapi32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 14KB - Virtual size: 15KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

0a:c8:ee:3a:4c:be:ec:46:9f:88:91:cc:67:16:fb:c8:90:d5:24:ef:a8:78:97:4c:53:12:0d:49:99:53:52:59
Signer

3f:89:83:1f:e2:c2:3f:0d:69:ea:97:7e:c3:be:36:3f:48:d6:b9:f0
Signer

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 14KB - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB