NEAS[.]68950b23382fc2649e0d0816b8faa9f0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.68950b23382fc2649e0d0816b8faa9f0_JC.exe
Size

481KB
MD5

68950b23382fc2649e0d0816b8faa9f0
SHA1

65683c82ad40b689a1b973a512e3da837fe228f3
SHA256

f1fdbf5a1625cf7824b2e9c840fbd0d464fffa0c1e9c4642e73d4d5d1ffb880b
SHA512

1126c04b78ff37b68ea595b8d44338ceb64b2ed22c7dee2e4f97bba4097b16ec1d8f20ce88a51419160f62fba141130d59e8d60d9f69305663b66beb9e9e95dd
SSDEEP

6144:FlMn/Et7Ys21pX4FSyfJNf8Dq5MOLz0EdqJTJ:FOHXsSSJ2DqJsJTJ

Score

1^/10

Malware Config

Signatures

Files

NEAS.68950b23382fc2649e0d0816b8faa9f0_JC.exe
.exe windows:4 windows x64

5b2922745d522614463dad05c06eab06

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:ac:31:a0:f3:25:7e:0b:0c:ab:cb:ad:eb:a5:53:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-04-2010 00:00

Not After

24-04-2013 23:59

Subject

CN=Advanced Micro Devices\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Developer Systems Support,O=Advanced Micro Devices\, Inc.,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:c0:c0:7d:e3:04:fd:ee:e7:04:90:54:ea:0f:30:33:f1:f1:5d:27
Signer

Actual PE Digest

56:c0:c0:7d:e3:04:fd:ee:e7:04:90:54:ea:0f:30:33:f1:f1:5d:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

WaitForSingleObject
WriteConsoleW
CreateFileW
ExitProcess
OutputDebugStringW
SetLastError
CreateDirectoryW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetSystemInfo
DeleteFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetTickCount
RaiseException
SetUnhandledExceptionFilter
SetFilePointer
FormatMessageW
VirtualQuery
IsBadWritePtr
GetCurrentThread
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
CreateEventW
FreeLibrary
CloseHandle
GetProcAddress
LoadLibraryW
lstrcpynW
lstrlenW
SetEvent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
GetLastError

user32

wvsprintfW
ExitWindowsEx
wsprintfW

shell32

ShellExecuteW
SHGetFolderLocation
SHGetPathFromIDListW
SHGetMalloc

msvcp80

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KXZ
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBGAEBV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@PEBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2_KB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KAEBV12@_K@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHPEBG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?eq_int_type@?$char_traits@G@std@@SA_NAEBG0@Z
?eof@?$char_traits@G@std@@SAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?length@?$char_traits@G@std@@SA_KPEBG@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_K0@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@V32@0@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV12@_K0@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHAEBV12@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_K0PEBG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAG_K@Z
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IEAAPEAGXZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXAEAV12@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAPEBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z

msvcr80

??0exception@std@@QEAA@XZ
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
wcschr
_errno
wcslen
strlen
towupper
towlower
wcsrchr
wcscmp
memset
??_V@YAXPEAX@Z
isspace
_waccess
_wchmod
_wrmdir
mbstowcs_s
wcstombs_s
_vsnwprintf_s
wcscpy
wcsncpy
_wstrtime
_wstrdate
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
_CxxThrowException
_vswprintf
getchar
wprintf
_wcsicmp
wcsstr
_wtoi
??3@YAXPEAX@Z
__CxxFrameHandler3

shlwapi

PathIsDirectoryW

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b2922745d522614463dad05c06eab06

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

30:ac:31:a0:f3:25:7e:0b:0c:ab:cb:ad:eb:a5:53:4cCertificate

Extended Key Usages

Key Usages

56:c0:c0:7d:e3:04:fd:ee:e7:04:90:54:ea:0f:30:33:f1:f1:5d:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shell32

msvcp80

msvcr80

shlwapi

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 18KB - Virtual size: 22KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 88KB - Virtual size: 88KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

30:ac:31:a0:f3:25:7e:0b:0c:ab:cb:ad:eb:a5:53:4c
Certificate

56:c0:c0:7d:e3:04:fd:ee:e7:04:90:54:ea:0f:30:33:f1:f1:5d:27
Signer

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 18KB - Virtual size: 22KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 88KB - Virtual size: 88KB