NEAS[.]87bd283cc1b57b25d029e92f3e8e6290_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.87bd283cc1b57b25d029e92f3e8e6290_JC.exe
Size

161KB
MD5

87bd283cc1b57b25d029e92f3e8e6290
SHA1

4d85edeeb10e8c61d7b92132ff04a3ecc3584a22
SHA256

4a61102f6ea5534d9a7e305aa2a66b2debd1a558ddc7493a2e2da761568e9317
SHA512

b6bf241780e20010124404087381d850f8b14806ec9797b1673634e9f2e0d4f496cb93a61a5dedfc4c13066947a1d58d500490a7fab72b7c3346d1b23d034a61
SSDEEP

3072:YsU5EwE9nDm0lEgS4HZ5KDgTTQ9qFPZ7R1X5WMEWXwYXnpxQeR:9xVna0vPHZ5AgTTQ9qFRN1XQUwQpxT

Score

1^/10

Malware Config

Signatures

Files

NEAS.87bd283cc1b57b25d029e92f3e8e6290_JC.exe
.exe windows:5 windows x64

11d8972e327e186bb365c042e120ebc4

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:9b:73:e1:00:01:00:00:90:80
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

06/08/2012, 17:06

Not After

15/05/2015, 19:35

Subject

CN=Intel Corporation - Software and Firmware Products,OU=Intel Architecture Group,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:a5:23:f1:39:10:c4:56:44:72:ed:57:bf:e5:3d:bf:42:4e:f0:a0
Signer

Actual PE Digest

8a:a5:23:f1:39:10:c4:56:44:72:ed:57:bf:e5:3d:bf:42:4e:f0:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hccutils

LoadBITMAP
LoadSTRINGW
LoadICON
LoadIMAGE
FindResources

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CreateMutexA
GetCurrentThreadId
GetCommandLineA
Sleep
VirtualAlloc
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
HeapReAlloc
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetStringTypeW
LCMapStringW
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateEventA
GetLastError
CloseHandle
GetVersionExA
FreeLibrary
CreateProcessA
GetModuleHandleA
SetStdHandle
GetProcAddress
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
CreateFileW
RtlUnwindEx
RtlLookupFunctionEntry
HeapAlloc
RtlPcToFileHeader
LocalFree
LeaveCriticalSection
GetCurrentProcessId
GetStartupInfoW
DecodePointer
EncodePointer
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
HeapFree
EnterCriticalSection

user32

GetCursorPos
GetWindowLongW
CharNextW
PostThreadMessageA
SetWindowLongW
FindWindowA
DestroyMenu
CharNextA
SendMessageW
RegisterWindowMessageA
IsWindow
CreateDialogParamW
ShowWindow
GetDC
GetSystemMetrics
ReleaseDC
PostQuitMessage
SetTimer
KillTimer
CreatePopupMenu
AppendMenuA
SetForegroundWindow
TrackPopupMenu
DestroyIcon
DestroyWindow
GetDlgItem
SendMessageA
GetDesktopWindow
GetWindowRect
SetWindowTextW
wsprintfW
RegisterClassA
CreateWindowExA
PostMessageA
DispatchMessageA
GetMessageA
DefWindowProcA

gdi32

DeleteObject
GetDIBits
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
SetBkColor
BitBlt
SetTextColor
DeleteDC

advapi32

RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

Shell_NotifyIconW

ole32

CLSIDFromProgID
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoSuspendClassObjects
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy

shlwapi

StrStrIA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11d8972e327e186bb365c042e120ebc4

Code Sign

05:b0:ffCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0b:dc:8f:00:00:00:00:00:1aCertificate

Key Usages

2f:9b:73:e1:00:01:00:00:90:80Certificate

Extended Key Usages

Key Usages

61:1e:80:b7:00:00:00:00:00:07Certificate

Key Usages

8a:a5:23:f1:39:10:c4:56:44:72:ed:57:bf:e5:3d:bf:42:4e:f0:a0Signer

Headers

DLL Characteristics

File Characteristics

Imports

hccutils

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 17KB - Virtual size: 26KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

2f:9b:73:e1:00:01:00:00:90:80
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

8a:a5:23:f1:39:10:c4:56:44:72:ed:57:bf:e5:3d:bf:42:4e:f0:a0
Signer

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 17KB - Virtual size: 26KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB