NEAS[.]a9d667f5308982a3305f364eb02458d0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a9d667f5308982a3305f364eb02458d0_JC.exe
Size

97KB
MD5

a9d667f5308982a3305f364eb02458d0
SHA1

952f97cec13e910fa9a4faa22d54b8e8a61c2ad5
SHA256

721ecbf49bd53cb4122e560da4b3e7f2b51ed5209098e86a0a9dcdc7ab936d04
SHA512

be280a6ca84596e61461fb833c5737a55bdcb5cbd57fa304b5206dbba8377f8453eb4306e11e6bf6cc21ea09cdb6fef5a5991c138e6c77541e1b0da5f662fa52
SSDEEP

1536:+z/HHvvvzJNivEQJQsqWzMdC4byoKXeTPTI3XrKeLeE0HtyPaNwj:+zPHvDJ4sQGb2OPcrKyb0HtyG

Score

1^/10

Malware Config

Signatures

Files

NEAS.a9d667f5308982a3305f364eb02458d0_JC.exe
.exe windows:4 windows x86

ec156bc2b1d490702d4337d8c4792dc1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:80:7b:b5:a3:33:09:28:a0:57:c7:22:41:5f:3d:9e:06:1a:e9:65
Signer

Actual PE Digest

bd:80:7b:b5:a3:33:09:28:a0:57:c7:22:41:5f:3d:9e:06:1a:e9:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Parent
CM_Get_Device_IDW
CM_Get_Child
CM_Get_Sibling
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList

shlwapi

SHDeleteKeyW

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetLocaleInfoA
DeviceIoControl
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
CreateFileW
CloseHandle
GetLastError
CreateEventW
GetTickCount
GetModuleFileNameW
Sleep
SetEvent
WaitForSingleObject
CreateThread
InitializeCriticalSection
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetCurrentProcess
GetVersionExA
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

RegisterClassExW
PostMessageW
CreateWindowExW
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ChangeServiceConfig2W
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatusEx
ControlService
StartServiceW
DeleteService
CreateServiceW
SetServiceStatus
RegSetKeySecurity

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec156bc2b1d490702d4337d8c4792dc1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

bd:80:7b:b5:a3:33:09:28:a0:57:c7:22:41:5f:3d:9e:06:1a:e9:65Signer

Headers

File Characteristics

Imports

setupapi

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

bd:80:7b:b5:a3:33:09:28:a0:57:c7:22:41:5f:3d:9e:06:1a:e9:65
Signer

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB