NEAS[.]a11320846146a0349ec59de0d4607290_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a11320846146a0349ec59de0d4607290_JC.exe
Size

2.1MB
MD5

a11320846146a0349ec59de0d4607290
SHA1

27b03deab58fefe09f124cb70d4ea95b5c02e1ce
SHA256

81007602e08c8e0e82e4f3d5fbdaa2465122690c979fe15098d5fb52f999c8d4
SHA512

97d5d708cae3f61ddcb5987894fe6705c3dd703ef02d06f915a6f67151e2967f7dbe95db153870e551b71d2d3b2d0af2adc6da3502c5c518670557c5efb5eafb
SSDEEP

49152:o5UmHbdf5xWZsPRbkOXaQ9Wrp5ymeuZ/+TUKPcZ//9S3D/mq/p3QyH:o5FxWYQXyme7Ex8

Score

1^/10

Malware Config

Signatures

Files

NEAS.a11320846146a0349ec59de0d4607290_JC.exe
.dll windows:5 windows x86

268e529a4ab5b5f54a24969ecfef0066

Code Sign

6f:36:c4:b7:4b:4f:8a:b0:01:f0:39:d6:92:a7:5b:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/04/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Malwarebytes Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Malwarebytes Corporation,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:04:6a:b9:81:43:0e:43:2b:7c:e6:34:e9:95:9f:c1:59:a1:f3:08
Signer

Actual PE Digest

de:04:6a:b9:81:43:0e:43:2b:7c:e6:34:e9:95:9f:c1:59:a1:f3:08

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSizeEx
FindClose
CreateFileMappingW
FindNextFileW
FindFirstVolumeW
GetFileInformationByHandle
GetVolumeInformationW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetThreadExecutionState
BackupSeek
BackupRead
FreeLibrary
LoadLibraryW
GetLongPathNameW
MoveFileExW
GetTickCount
CompareFileTime
GetSystemTimeAsFileTime
GetFileTime
GetCurrentDirectoryW
CreateMutexW
OpenMutexW
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
GetCPInfo
RtlUnwind
FlushFileBuffers
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
GetStringTypeExW
LoadLibraryA
ReadFile
FindNextVolumeW
GetVersionExW
CopyFileW
Sleep
WriteFile
SetFilePointerEx
GetCurrentProcess
CreateProcessW
GetFileAttributesExW
LockResource
UnmapViewOfFile
MapViewOfFile
SetFilePointer
FindVolumeClose
FindFirstFileW
SetFileAttributesW
DeleteFileW
GetShortPathNameW
DeviceIoControl
RemoveDirectoryW
GetProcAddress
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetModuleHandleW
GetSystemTime
SetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
DeleteCriticalSection
CreateEventW
ResetEvent
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
SizeofResource
LoadResource
FindResourceW
CreateDirectoryW
Module32NextW
CreateToolhelp32Snapshot
SetEvent
LCMapStringW
Process32NextW
Module32FirstW
Process32FirstW
OpenProcess
GetVolumePathNameW
GetDateFormatW
SystemTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetDriveTypeW
VerSetConditionMask
GetLogicalDriveStringsW
GetComputerNameW
VerifyVersionInfoW
GetSystemInfo
WaitForSingleObject

sfc

SfcIsFileProtected

shlwapi

SHDeleteKeyW
PathFileExistsW
SHRegGetPathW
SHSetValueW
SHCopyKeyW

userenv

ExpandEnvironmentStringsForUserW
GetDefaultUserProfileDirectoryW
GetProfilesDirectoryW
GetUserProfileDirectoryW

mpr

WNetGetConnectionW

psapi

GetModuleFileNameExW

imagehlp

CheckSumMappedFile

user32

CharLowerW
CharUpperW
CharLowerA
LoadStringW
GetSystemMetrics
CharUpperA

shell32

CommandLineToArgvW
ShellExecuteW
SHPathPrepareForWriteW
SHFileOperationW
SHGetFolderPathW

ole32

PropVariantClear

advapi32

RegEnumValueW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
ChangeServiceConfigW
RegDeleteValueW
StartServiceW
RevertToSelf
ImpersonateLoggedOnUser
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptGenRandom
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptGetHashParam
ConvertSidToStringSidW
GetTokenInformation
SetNamedSecurityInfoW
RegDeleteKeyW
RegSetValueW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegCreateKeyExW
RegSaveKeyW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyExW
RegOpenCurrentUser
RegQueryValueExW
GetUserNameW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
IsTextUnicode
RegQueryInfoKeyW
GetSecurityInfo
SetSecurityInfo
RegEnumKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

wintrust

WinVerifyTrust

Exports

Exports

ProcessCleanupScriptW
SDKCache
SDKCacheClear
SDKCacheCreate
SDKCacheDestroy
SDKCacheEnumerate
SDKCacheLookup
SDKCreate
SDKDatabaseGetDate
SDKDatabaseGetFingerprintCount
SDKDatabaseGetVersion
SDKDatabaseLoad
SDKDatabaseLoadDefaults
SDKDatabaseUnload
SDKDestroy
SDKDetectKernelHooks
SDKDetectionCopy
SDKDetectionFree
SDKExclusionsAdd
SDKExclusionsClear
SDKExclusionsEnumerate
SDKExclusionsIsExcluded
SDKExclusionsMigrate
SDKExclusionsRead
SDKExclusionsRemove
SDKExclusionsWrite
SDKIsFileWhitelisted
SDKIsIDBlacklisted
SDKLanguageEnumerate
SDKLanguageGetName
SDKLanguageGetString
SDKLanguageGetStringA
SDKLanguageGetStringW
SDKLanguageSet
SDKLanguageSetPath
SDKLogAdd
SDKLogClear
SDKLogEnumerate
SDKLogSetFile
SDKLogSetFormat
SDKLogSetHeader
SDKLogSetLanguage
SDKLogSetPath
SDKLogWrite
SDKQuarantine
SDKQuarantineDelete
SDKQuarantineDeleteAll
SDKQuarantineEnumerate
SDKQuarantineRestore
SDKQuarantineRestoreAll
SDKQuarantineRestoreTo
SDKQuarantineSetPath
SDKRemovalExecute
SDKRemovalQueue
SDKRemove
SDKScan
SDKScanFile
SDKSessionSetHeader
_SDKCache@8
_SDKCacheClear@4
_SDKCacheCreate@0
_SDKCacheDestroy@4
_SDKCacheEnumerate@12
_SDKCacheLookup@12
_SDKCreate@12
_SDKDatabaseGetDate@12
_SDKDatabaseGetFingerprintCount@0
_SDKDatabaseGetVersion@8
_SDKDatabaseLoad@4
_SDKDatabaseLoadDefaults@0
_SDKDatabaseUnload@0
_SDKDestroy@0
_SDKDetectKernelHooks@0
_SDKDetectionCopy@4
_SDKDetectionFree@4
_SDKExclusionsAdd@4
_SDKExclusionsClear@0
_SDKExclusionsEnumerate@8
_SDKExclusionsIsExcluded@4
_SDKExclusionsMigrate@8
_SDKExclusionsRead@4
_SDKExclusionsRemove@4
_SDKExclusionsWrite@4
_SDKIsFileWhitelisted@4
_SDKIsIDBlacklisted@4
_SDKLanguageEnumerate@8
_SDKLanguageGetName@12
_SDKLanguageGetString@12
_SDKLanguageGetStringA@12
_SDKLanguageGetStringW@12
_SDKLanguageSet@4
_SDKLanguageSetPath@4
_SDKLogAdd@8
_SDKLogClear@0
_SDKLogEnumerate@8
_SDKLogSetFile@4
_SDKLogSetFormat@4
_SDKLogSetHeader@4
_SDKLogSetLanguage@4
_SDKLogSetPath@4
_SDKLogWrite@4
_SDKQuarantine@4
_SDKQuarantineDelete@4
_SDKQuarantineDeleteAll@0
_SDKQuarantineEnumerate@8
_SDKQuarantineRestore@4
_SDKQuarantineRestoreAll@0
_SDKQuarantineRestoreTo@8
_SDKQuarantineSetPath@4
_SDKRemovalExecute@4
_SDKRemovalQueue@4
_SDKRemove@8
_SDKScan@4
_SDKScanFile@24
_SDKSessionSetHeader@4

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

268e529a4ab5b5f54a24969ecfef0066

Code Sign

6f:36:c4:b7:4b:4f:8a:b0:01:f0:39:d6:92:a7:5b:49Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

de:04:6a:b9:81:43:0e:43:2b:7c:e6:34:e9:95:9f:c1:59:a1:f3:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sfc

shlwapi

userenv

mpr

psapi

imagehlp

user32

shell32

ole32

advapi32

netapi32

version

iphlpapi

wintrust

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 42KB - Virtual size: 51KB

.rsrc Size: 484KB - Virtual size: 484KB

.reloc Size: 72KB - Virtual size: 71KB

6f:36:c4:b7:4b:4f:8a:b0:01:f0:39:d6:92:a7:5b:49
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

de:04:6a:b9:81:43:0e:43:2b:7c:e6:34:e9:95:9f:c1:59:a1:f3:08
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 42KB - Virtual size: 51KB

.rsrc
Size: 484KB - Virtual size: 484KB

.reloc
Size: 72KB - Virtual size: 71KB