NEAS[.]2b59d78a07c494a0412d0141040c33a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2b59d78a07c494a0412d0141040c33a0_JC.exe
Size

417KB
MD5

2b59d78a07c494a0412d0141040c33a0
SHA1

53068a997bf914b1522ae71272a77ffc04c5797a
SHA256

8301e52435f49f5e1f7c22aa89905b6f21caa90c734a55f7a027e3e0a808d698
SHA512

f07905ddf9825b653f0c59d1b2faa617c8fdf713c7ecc81b4ac7571cd1b817c66fc9e00e3602bf8891cfa3816d1cacc46d8fcd035598083f28117f55b5393f91
SSDEEP

6144:y0cBWBeyqNT7gemUstQqRfTDP7+fTvkK87bo07bja92IBKuT+iO4:yDrstQqRXP7+DS7bG0

Score

1^/10

Malware Config

Signatures

Files

NEAS.2b59d78a07c494a0412d0141040c33a0_JC.exe
.dll windows:10 windows x64

88c5439a99d11d302ca700b9abf7f6fb

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45
Signer

Actual PE Digest

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45

Digest Algorithm

sha256

PE Digest Matches

true

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45
Signer

Actual PE Digest

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetModuleHandleW
GetProcAddress
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventA
GetFileAttributesA
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
CreateFileA
ReadFile
GetCurrentProcessId
WaitNamedPipeA
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
GetCurrentThreadId
GetCPInfo
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
HeapSize
GetProcessHeap
IsDebuggerPresent
OutputDebugStringW
LoadLibraryExW
WriteFile
HeapReAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
CreateFileW

Exports

Exports

clBuildProgram
clCloneKernel
clCompileProgram
clCreateBuffer
clCreateCommandQueue
clCreateCommandQueueWithProperties
clCreateContext
clCreateContextFromType
clCreateEventFromGLsyncKHR
clCreateImage
clCreateImage2D
clCreateImage3D
clCreateKernel
clCreateKernelsInProgram
clCreatePipe
clCreateProgramWithBinary
clCreateProgramWithBuiltInKernels
clCreateProgramWithIL
clCreateProgramWithSource
clCreateSampler
clCreateSamplerWithProperties
clCreateSubBuffer
clCreateSubDevices
clCreateUserEvent
clEnqueueBarrier
clEnqueueBarrierWithWaitList
clEnqueueCopyBuffer
clEnqueueCopyBufferRect
clEnqueueCopyBufferToImage
clEnqueueCopyImage
clEnqueueCopyImageToBuffer
clEnqueueFillBuffer
clEnqueueFillImage
clEnqueueMapBuffer
clEnqueueMapImage
clEnqueueMarker
clEnqueueMarkerWithWaitList
clEnqueueMigrateMemObjects
clEnqueueNDRangeKernel
clEnqueueNativeKernel
clEnqueueReadBuffer
clEnqueueReadBufferRect
clEnqueueReadImage
clEnqueueSVMFree
clEnqueueSVMMap
clEnqueueSVMMemFill
clEnqueueSVMMemcpy
clEnqueueSVMMigrateMem
clEnqueueSVMUnmap
clEnqueueTask
clEnqueueUnmapMemObject
clEnqueueWaitForEvents
clEnqueueWriteBuffer
clEnqueueWriteBufferRect
clEnqueueWriteImage
clFinish
clFlush
clGetCommandQueueInfo
clGetContextInfo
clGetDeviceAndHostTimer
clGetDeviceIDs
clGetDeviceIDsFromD3D10KHR
clGetDeviceIDsFromD3D11KHR
clGetDeviceIDsFromDX9MediaAdapterKHR
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetExtensionFunctionAddress
clGetExtensionFunctionAddressForPlatform
clGetHostTimer
clGetImageInfo
clGetKernelArgInfo
clGetKernelInfo
clGetKernelSubGroupInfo
clGetKernelSubGroupInfoKHR
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPipeInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clGetSamplerInfo
clGetSupportedImageFormats
clLinkProgram
clReleaseCommandQueue
clReleaseContext
clReleaseDevice
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clReleaseSampler
clRetainCommandQueue
clRetainContext
clRetainDevice
clRetainEvent
clRetainKernel
clRetainMemObject
clRetainProgram
clRetainSampler
clSVMAlloc
clSVMFree
clSetDefaultDeviceCommandQueue
clSetEventCallback
clSetKernelArg
clSetKernelArgSVMPointer
clSetKernelExecInfo
clSetMemObjectDestructorCallback
clSetUserEventStatus
clUnloadCompiler
clUnloadPlatformCompiler
clWaitForEvents

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c5439a99d11d302ca700b9abf7f6fb

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45Signer

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 3KB - Virtual size: 2KB

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45
Signer

67:e7:8c:df:e4:ab:d5:76:bc:ad:ab:a4:96:41:2c:24:bd:62:8a:66:3a:37:69:21:30:d1:57:37:7f:bc:90:45
Signer

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 3KB - Virtual size: 2KB