NEAS[.]f9ad4db5e64165c53bda3ca20f236bb0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.f9ad4db5e64165c53bda3ca20f236bb0_JC.exe
Size

158KB
MD5

f9ad4db5e64165c53bda3ca20f236bb0
SHA1

6b99aa5e9a6b7497e1e9d5262afd5a08f24345a7
SHA256

a7c07d37409a1da0238e029a6a7664a841a032b1f92a337881b8c55aa787b3c2
SHA512

85bdde2a32b3fdf1e962705d40ed8a5065bc3db322dad4d159dc508ced9aa2143e641a59da660aea627b0db9ec1745b8b486b1d86344cb234f9373ef6e2e4e91
SSDEEP

3072:zKeZLSQzNeHqqEn4TyQoQfgr7aUwi7c2FICLQ:LSCqqqdmQoQIr7a4w2FICLQ

Score

1^/10

Malware Config

Signatures

Files

NEAS.f9ad4db5e64165c53bda3ca20f236bb0_JC.exe
.dll windows:4 windows x64

7c0482359d5b1a6e7d7d1929ce743907

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cc:22:73:57:0a:96:a6:7e:47:59:f8:44:96:1b:68:c6:1a:ce:36:a8:f8:f7:04:16:bb:c9:de:4e:1e:2a:1e
Signer

Actual PE Digest

56:cc:22:73:57:0a:96:a6:7e:47:59:f8:44:96:1b:68:c6:1a:ce:36:a8:f8:f7:04:16:bb:c9:de:4e:1e:2a:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libbzip2

BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit

liblzma-5

lzma_alone_decoder
lzma_alone_encoder
lzma_code
lzma_end
lzma_lzma_preset
lzma_stream_decoder
lzma_stream_encoder

libz

crc32
deflate
deflateEnd
deflateInit2_
inflate
inflateEnd
inflateInit2_
zError

libzstd

ZSTD_compressBound
ZSTD_compressStream
ZSTD_createCStream
ZSTD_createDStream
ZSTD_decompressStream
ZSTD_endStream
ZSTD_freeCStream
ZSTD_freeDStream
ZSTD_initCStream
ZSTD_isError
ZSTD_maxCLevel
ZSTD_minCLevel

advapi32

GetSecurityInfo

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptDestroyKey
BCryptDuplicateHash
BCryptEncrypt
BCryptFinishHash
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptSetProperty

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MoveFileExA
MoveFileExW
MultiByteToWideChar
ReadFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_close
_dup
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_initterm
_localtime64
_lock
_mktime64
_open
_snwprintf
_stat64
_stricmp
_strdup
_time64
_unlock
_wcsdup
abort
calloc
fclose
ferror
fflush
fgetpos
fputc
fread
free
fsetpos
fwrite
localeconv
malloc
memchr
memcmp
memcpy
memset
realloc
rand
srand
strcmp
strerror
strlen
strncmp
strrchr
vfprintf
wcslen

Exports

Exports

zip_add
zip_add_dir
zip_close
zip_compression_method_supported
zip_delete
zip_dir_add
zip_discard
zip_encryption_method_supported
zip_error_clear
zip_error_code_system
zip_error_code_zip
zip_error_fini
zip_error_get
zip_error_get_sys_type
zip_error_init
zip_error_init_with_code
zip_error_set
zip_error_strerror
zip_error_system_type
zip_error_to_data
zip_error_to_str
zip_fclose
zip_fdopen
zip_file_add
zip_file_attributes_init
zip_file_error_clear
zip_file_error_get
zip_file_extra_field_delete
zip_file_extra_field_delete_by_id
zip_file_extra_field_get
zip_file_extra_field_get_by_id
zip_file_extra_field_set
zip_file_extra_fields_count
zip_file_extra_fields_count_by_id
zip_file_get_comment
zip_file_get_error
zip_file_get_external_attributes
zip_file_rename
zip_file_replace
zip_file_set_comment
zip_file_set_dostime
zip_file_set_encryption
zip_file_set_external_attributes
zip_file_set_mtime
zip_file_strerror
zip_fopen
zip_fopen_encrypted
zip_fopen_index
zip_fopen_index_encrypted
zip_fread
zip_fseek
zip_ftell
zip_get_archive_comment
zip_get_archive_flag
zip_get_error
zip_get_file_comment
zip_get_name
zip_get_num_entries
zip_get_num_files
zip_libzip_version
zip_name_locate
zip_open
zip_open_from_source
zip_register_cancel_callback_with_state
zip_register_progress_callback
zip_register_progress_callback_with_state
zip_rename
zip_replace
zip_secure_random
zip_set_archive_comment
zip_set_archive_flag
zip_set_default_password
zip_set_file_comment
zip_set_file_compression
zip_source_begin_write
zip_source_begin_write_cloning
zip_source_buffer
zip_source_buffer_create
zip_source_buffer_fragment
zip_source_buffer_fragment_create
zip_source_close
zip_source_commit_write
zip_source_error
zip_source_file
zip_source_file_create
zip_source_filep
zip_source_filep_create
zip_source_free
zip_source_function
zip_source_function_create
zip_source_get_file_attributes
zip_source_is_deleted
zip_source_keep
zip_source_make_command_bitmap
zip_source_open
zip_source_read
zip_source_rollback_write
zip_source_seek
zip_source_seek_compute_offset
zip_source_seek_write
zip_source_stat
zip_source_tell
zip_source_tell_write
zip_source_win32a
zip_source_win32a_create
zip_source_win32handle
zip_source_win32handle_create
zip_source_win32w
zip_source_win32w_create
zip_source_window_create
zip_source_write
zip_source_zip
zip_source_zip_create
zip_stat
zip_stat_index
zip_stat_init
zip_strerror
zip_unchange
zip_unchange_all
zip_unchange_archive

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c0482359d5b1a6e7d7d1929ce743907

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

56:cc:22:73:57:0a:96:a6:7e:47:59:f8:44:96:1b:68:c6:1a:ce:36:a8:f8:f7:04:16:bb:c9:de:4e:1e:2a:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

libbzip2

liblzma-5

libz

libzstd

advapi32

bcrypt

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 14KB - Virtual size: 13KB

.pdata Size: 5KB - Virtual size: 5KB

.xdata Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 500B

/4 Size: 512B - Virtual size: 24B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

56:cc:22:73:57:0a:96:a6:7e:47:59:f8:44:96:1b:68:c6:1a:ce:36:a8:f8:f7:04:16:bb:c9:de:4e:1e:2a:1e
Signer

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 14KB - Virtual size: 13KB

.pdata
Size: 5KB - Virtual size: 5KB

.xdata
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 500B

/4
Size: 512B - Virtual size: 24B