NEAS[.]ec8dbb8b47f53d4e00656fd3e2e69a00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ec8dbb8b47f53d4e00656fd3e2e69a00_JC.exe
Size

223KB
MD5

ec8dbb8b47f53d4e00656fd3e2e69a00
SHA1

8578d4677ce10cecf6fabd77d83af6bb90c4ccbd
SHA256

2f6d3994c9563a7d4f780cd3f985becbf18e7537f2cd9ea1d1d54b31050bef6d
SHA512

ed134d61a9d5e74b785940594027806d8aa4082886e48da339557978dd9ed1c2b76b07ddf32ea9663e8b3df8a2428563be1a291a05fbe123ddf2d8cb5d768df6
SSDEEP

3072:c65sVBuEQGt0JSceBZlWRl1bf31kr54M0DK1bsxXd:FEvyJoSk6MF1bsj

Score

1^/10

Malware Config

Signatures

Files

NEAS.ec8dbb8b47f53d4e00656fd3e2e69a00_JC.exe
.dll windows:10 windows x86

5e5af1b6428321f2e3a920a77edd670b

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:23

Not After

11/08/2018, 20:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:8f:5a:cb:63:65:cd:57:0e:8d:ff:c7:a4:dd:43:cf:d9:24:e5:c0:30:fd:f3:41:a7:69:1e:26:a4:83:22:e2
Signer

Actual PE Digest

90:8f:5a:cb:63:65:cd:57:0e:8d:ff:c7:a4:dd:43:cf:d9:24:e5:c0:30:fd:f3:41:a7:69:1e:26:a4:83:22:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
strncpy_s
strnlen
_callnewh
memcmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memcpy
_except_handler4_common
??0exception@@QAE@XZ
_onexit
__dllonexit
_vsnwprintf
qsort
_vsnprintf_s
_purecall
memcpy_s
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventWrite
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
ReleaseMutex
LeaveCriticalSection
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
CreateEventA
OpenSemaphoreW
CreateSemaphoreExW
InitializeCriticalSection
CreateMutexExW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

ntdll

RtlInitUnicodeString
NtDeviceIoControlFile
NtClose
NtCreateFile

dxva2

OPMGetVideoOutputsFromHMONITOR

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTOpenAdapterFromLuid

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTQueryAdapterInfo
D3DKMTCloseAdapter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e5af1b6428321f2e3a920a77edd670b

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

90:8f:5a:cb:63:65:cd:57:0e:8d:ff:c7:a4:dd:43:cf:d9:24:e5:c0:30:fd:f3:41:a7:69:1e:26:a4:83:22:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

ntdll

dxva2

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-winrt-l1-1-0

dxgi

d3d11

api-ms-win-dx-d3dkmt-l1-1-1

api-ms-win-dx-d3dkmt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 190KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

90:8f:5a:cb:63:65:cd:57:0e:8d:ff:c7:a4:dd:43:cf:d9:24:e5:c0:30:fd:f3:41:a7:69:1e:26:a4:83:22:e2
Signer

.text
Size: 191KB - Virtual size: 190KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB