Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.563f28a5b305befcde15a3ccd9147390_JC.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: NEAS.563f28a5b305befcde15a3ccd9147390_JC.exe
Resource: win10v2004-20231023-en

Target: NEAS.563f28a5b305befcde15a3ccd9147390_JC.exe
Size: 936KB
MD5: 563f28a5b305befcde15a3ccd9147390
SHA1: 97e59bf84f0787ec7c8d4d508347edfe18bd5d12
SHA256: d844c4b990994963e1b286d789bd27cc21e8743f3de45b842282bf47375918bb
SHA512: cc0be17db4ab9c908b4ad27d26e0fc45b98932b1dd861e6938072b77f6be2c77f45be782e6dc12065d14ca29645242f96bcdd2b8beb2058161e6c9fa9b661318
SSDEEP: 24576:AYMH9du2TqstcmFG7w1yIig/tN6uNVsvHaudM7Nu:Aswnt3s5gD6uN0Au
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
RpcServerRegisterIf2
RpcBindingFree
RpcStringBindingComposeW
RpcStringFreeW
RpcServerUnregisterIfEx
NdrClientCall2
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcBindingFromStringBindingW
timeGetTime
ImmDisableIME
Direct3DCreate9Ex
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
ord7
ord16
ord9
ord11
ord10
VirtualFree
VirtualQuery
HeapCreate
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCommandLineW
OpenEventW
LoadResource
SizeofResource
FindResourceW
ResetEvent
GetFileAttributesW
TerminateProcess
GetVersionExW
GetModuleHandleA
LocalAlloc
LocalFree
CompareStringW
Process32FirstW
Process32NextW
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
TerminateThread
GetLocalTime
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetModuleHandleExW
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
DeleteFileW
GetTempFileNameW
VirtualAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileSize
ReleaseSemaphore
WriteFile
SetFilePointer
CreateFileA
CreateThread
GetWindowsDirectoryW
CreateSemaphoreW
CreateDirectoryA
SetDllDirectoryW
FlushFileBuffers
CreateDirectoryW
SetErrorMode
WaitForSingleObjectEx
IsDebuggerPresent
LoadLibraryExA
GetSystemInfo
FormatMessageW
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
OutputDebugStringW
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
RtlCaptureContext
VerifyVersionInfoW
VerSetConditionMask
UnregisterWaitEx
ProcessIdToSessionId
ResumeThread
InitializeCriticalSection
CreateFileW
MultiByteToWideChar
WaitForMultipleObjects
HeapValidate
GetCurrentProcessId
OpenProcess
SetLastError
GetExitCodeThread
CreateEventW
WaitForSingleObject
SetEvent
HeapReAlloc
HeapDestroy
CloseHandle
GetUserDefaultUILanguage
GetPrivateProfileIntW
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
WideCharToMultiByte
FileTimeToSystemTime
GetSystemTimeAsFileTime
LoadLibraryExW
MulDiv
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
Sleep
lstrcmpW
lstrcmpiW
HeapAlloc
HeapFree
GetProcessHeap
GetProcessTimes
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
ToUnicodeEx
MonitorFromRect
EnumDisplayDevicesW
EnumDisplaySettingsW
PtInRect
FillRect
RemovePropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
KillTimer
SetTimer
MoveWindow
ShowWindowAsync
SetLayeredWindowAttributes
SendNotifyMessageW
UnionRect
PostMessageW
GetGuiResources
EnumWindows
InflateRect
GetPropW
SendMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
LoadCursorW
GetWindow
SetWindowLongPtrW
SetWindowLongW
GetWindowLongW
EqualRect
OffsetRect
IntersectRect
GetWindowRgn
GetGUIThreadInfo
GetKeyboardLayout
GetSystemMetrics
IsZoomed
IsIconic
IsWindowVisible
GetWindowPlacement
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
MsgWaitForMultipleObjectsEx
GetUserObjectInformationW
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
LoadImageW
LoadStringW
SystemParametersInfoW
PostQuitMessage
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
GetClassNameW
EnumThreadWindows
FindWindowExW
GetWindowTextW
GetWindowTextA
GetAncestor
GetDesktopWindow
GetWindowLongPtrW
IsRectEmpty
SendMessageTimeoutW
GetDoubleClickTime
GetKeyState
GetKeyboardState
VkKeyScanExW
SubtractRect
SendInput
GetForegroundWindow
ChildWindowFromPointEx
ClientToScreen
GetWindowRect
UnhookWinEvent
SetWinEventHook
GetCursorInfo
MessageBoxW
GetClassInfoW
wsprintfW
CharNextW
GetDC
UnregisterClassW
GetClassLongW
GetProcessWindowStation
GetUserObjectInformationA
MapVirtualKeyExW
SetForegroundWindow
GetIconInfo
PrintWindow
ScreenToClient
GetParent
EnumDisplayMonitors
ReleaseDC
GetClientRect
GetRgnBox
DeleteDC
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
EqualRgn
GetRegionData
OffsetRgn
PtInRegion
SetRectRgn
RectInRegion
CreateDIBSection
GetObjectW
CreateFontIndirectW
ExtCreateRegion
CreateSolidBrush
GetCurrentObject
Rectangle
SelectObject
SetBkColor
SetBkMode
SetTextColor
BitBlt
CreateCompatibleDC
SelectClipRgn
CreateCompatibleBitmap
CreateDCW
GetDIBits
StretchBlt
GetDeviceCaps
CreatePen
EqualSid
DuplicateTokenEx
RegOpenCurrentUser
RevertToSelf
ImpersonateLoggedOnUser
SetEntriesInAclW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
FreeSid
DuplicateToken
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
SetTokenInformation
ControlService
EnumServicesStatusW
QueryServiceStatus
StartServiceW
RegGetValueW
CreateRestrictedToken
CreateWellKnownSid
SHGetSpecialFolderPathA
SHGetKnownFolderPath
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHAppBarMessage
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString
VariantInit
GetErrorInfo
SetErrorInfo
SysStringLen
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Wcsxfrm
_Wcscoll
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Strcoll
_Strxfrm
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
PathIsRelativeW
PathRemoveFileSpecW
PathAppendW
PathStripPathW
PathFindFileNameW
AccessibleObjectFromWindow
GdiplusShutdown
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules
GetModuleInformation
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
CertGetNameStringW
__CxxFrameHandler4
__current_exception_context
__current_exception
__std_terminate
memset
_purecall
wcsrchr
wcsstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
__std_type_info_compare
memcpy
__C_specific_handler
strchr
memcmp
free
calloc
_set_new_mode
_recalloc
malloc
realloc
_callnewh
_set_fmode
fseek
_wfsopen
__stdio_common_vsnprintf_s
__acrt_iob_func
__stdio_common_vfwprintf
fflush
__stdio_common_vswprintf_s
fwrite
fclose
_wfopen_s
__p__commode
__stdio_common_vsprintf_s
ftell
__stdio_common_vfprintf
_wcsnicmp
towlower
_wcsupr_s
isdigit
iswspace
strncpy_s
towupper
wcsncpy_s
wcsncmp
strncmp
_wcsicmp
wcscat_s
strcmp
wcscmp
strcpy_s
strcat_s
wcscpy_s
_initialize_wide_environment
_invalid_parameter_noinfo
_beginthread
abort
_errno
_configure_wide_argv
_get_wide_winmain_command_line
_set_app_type
_seh_filter_exe
terminate
_cexit
_initterm_e
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initterm
_register_onexit_function
_exit
exit
_initialize_onexit_table
_wtoi
wcstoul
_wtoi64
strtoll
_waccess_s
_wstat64i32
__setusermatherr
_configthreadlocale
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ