NEAS[.]8d7837f60c56b9981f6f92ca9df3d120_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8d7837f60c56b9981f6f92ca9df3d120_JC.exe
Size

221KB
MD5

8d7837f60c56b9981f6f92ca9df3d120
SHA1

946329c0918a7b00214064e204b45c4a8861e0ca
SHA256

ab9e02568e8ea9ba2cdc7629838bf2e9c2af6ec87b8736993303d9a1c1796ea2
SHA512

6ebbfab7167bf920a563548b73d5dcf67ee2a8cdda553e12518b93361d3d084f379466f2ab8a54c0c4f658bd8a5ee4d61a34b927366a924149f5e9e8cb41f6f3
SSDEEP

3072:Yla1QG9b+treiB46ADFMBbjTVj7fezI9Q21aduqWSs+vJnqb/1hkh47rL1/l:Yla1bWeJDiRjTl7fwc1aduqWkG/r7rL

Score

1^/10

Malware Config

Signatures

Files

NEAS.8d7837f60c56b9981f6f92ca9df3d120_JC.exe
.dll regsvr32 windows:6 windows x64

cfade70d12b19c7d7003479ac412c76b

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:bb:dc:46:e4:ac:88:54:e1:a2:d0:8a:60:91:38:b5:c2:26:1e:b1:cf:4d:be:2e:76:2b:ac:47:c4:e8:29:fa
Signer

Actual PE Digest

a7:bb:dc:46:e4:ac:88:54:e1:a2:d0:8a:60:91:38:b5:c2:26:1e:b1:cf:4d:be:2e:76:2b:ac:47:c4:e8:29:fa

Digest Algorithm

sha256

PE Digest Matches

true

6c:ca:38:80:e2:48:e5:ce:5b:ad:bc:52:b9:04:39:68:32:27:0a:92
Signer

Actual PE Digest

6c:ca:38:80:e2:48:e5:ce:5b:ad:bc:52:b9:04:39:68:32:27:0a:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc42u

ord1883
ord311
ord827
ord2756
ord2754
ord2757
ord1499
ord1506
ord1524
ord1803
ord4550
ord4273
ord6886
ord2906
ord493
ord971
ord626
ord624
ord1126
ord1284
ord1262
ord2384
ord2329
ord665
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord2661
ord3933
ord6814
ord1771
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1778
ord4365
ord4988
ord6440
ord3535
ord3761
ord337
ord2517
ord5077
ord5406
ord5245
ord4721
ord852
ord5702
ord4771
ord1777
ord6437
ord5687
ord3743
ord2586
ord822
ord4741
ord4557
ord6612
ord6102
ord4860
ord2393
ord3806
ord4257
ord2593
ord912
ord4747
ord3501
ord2846
ord6614
ord6767
ord2377
ord1606
ord2975
ord5887
ord3830
ord1574
ord286
ord1562
ord6880
ord5804
ord6821
ord5815
ord6832
ord865
ord3790
ord1647
ord2427
ord3783
ord851
ord1677
ord2676
ord5367
ord5370
ord4879
ord4884
ord4881
ord4899
ord4901
ord4886
ord4690
ord4682
ord5288
ord4946
ord1061
ord1735
ord3932
ord4780
ord5662
ord2121
ord2876
ord592
ord4404
ord4598
ord4991
ord5345
ord5343
ord5477
ord5298
ord6819
ord5277
ord3065
ord3031
ord5765
ord6178
ord2419
ord5283
ord5679
ord4711
ord5296
ord4944
ord4855
ord3388
ord1919
ord4585
ord657
ord4405
ord5285
ord5090
ord4712
ord5297
ord4945
ord5682
ord4813
ord4859
ord3911
ord2139
ord1056
ord3531
ord408
ord2106
ord2902
ord904
ord1946
ord4597
ord1122
ord1287
ord1869
ord4523
ord4473
ord4014
ord4131
ord4124
ord6610
ord6632
ord6351
ord387
ord4461
ord2919
ord6202
ord2920
ord3536
ord5839
ord1316
ord4212
ord1674
ord2671
ord6624
ord5420
ord3481
ord4633
ord890
ord4364
ord4774
ord5524
ord5521
ord3141
ord5704
ord2405
ord2750
ord5674
ord4784
ord4806
ord4849
ord5441
ord3681
ord6841
ord3682
ord6842
ord372
ord2518
ord3652
ord3257
ord6235
ord613
ord2133
ord6379
ord1036
ord647
ord2136
ord4476
ord1053
ord611
ord2268
ord3044
ord6284
ord3637
ord1034
ord1838
ord4565
ord620
ord1124
ord1259
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1426
ord1427
ord6787
ord5870
ord1566
ord1063
ord5724
ord5065
ord6053
ord2752
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord6509
ord659
ord3916
ord2412
ord3468
ord5722
ord4368
ord5730
ord5711
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord4082
ord4077
ord4083
ord3164
ord4983
ord4371
ord4770
ord287
ord1463
ord2408
ord4375
ord1040
ord622
ord5089
ord6887

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler
toupper
isspace
isxdigit
isdigit
memcpy
_wremove
_CxxThrowException
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wtol
wcsrchr
isprint
memset
_vsnwprintf

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegQueryValueW
RegCreateKeyW

gdi32

CreateFontW
GetDeviceCaps

kernel32

GetVersionExW
lstrlenW
lstrcpyW
GetUserDefaultLCID
lstrcatW
GetLastError
GlobalAlloc
GlobalFree
MulDiv
lstrcmpiW
CreateFileW
FlushFileBuffers
GetTempFileNameW
WriteFile
GetTempPathW
CloseHandle
WaitForSingleObject
CreateProcessW
LocalFree
FormatMessageW
Sleep
VirtualProtect
LocalAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW

ole32

CoTaskMemFree
StringFromIID
CreateStreamOnHGlobal
OleFlushClipboard
OleSetClipboard
CLSIDFromString
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantChangeType
QueryPathOfRegTypeLi
ClearCustData
LoadRegTypeLi

rpcrt4

UuidHash

user32

wsprintfW
EnableWindow
SendMessageW
GetClipboardFormatNameW
GetClientRect
GetWindowRect
UpdateWindow
ReleaseDC
InvalidateRect
GetParent
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
WaitMessage
SetFocus
GetDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfade70d12b19c7d7003479ac412c76b

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7bCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

a7:bb:dc:46:e4:ac:88:54:e1:a2:d0:8a:60:91:38:b5:c2:26:1e:b1:cf:4d:be:2e:76:2b:ac:47:c4:e8:29:faSigner

6c:ca:38:80:e2:48:e5:ce:5b:ad:bc:52:b9:04:39:68:32:27:0a:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 2KB

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

a7:bb:dc:46:e4:ac:88:54:e1:a2:d0:8a:60:91:38:b5:c2:26:1e:b1:cf:4d:be:2e:76:2b:ac:47:c4:e8:29:fa
Signer

6c:ca:38:80:e2:48:e5:ce:5b:ad:bc:52:b9:04:39:68:32:27:0a:92
Signer

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 2KB