NEAS[.]e9b43d1f93bb1f3cc8f5f10bc74c0b30_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.e9b43d1f93bb1f3cc8f5f10bc74c0b30_JC.exe
Size

215KB
MD5

e9b43d1f93bb1f3cc8f5f10bc74c0b30
SHA1

9385ef2c7ffeb4cb909fd806b6e5f0cfb7a1b8bf
SHA256

3a9e02739715b3c1fb72d43d19015bc7927c1e0d7d1d597b1c5f7e2c576d2cdc
SHA512

4ddfb2f489c60a84c5716bd9ce70223992148c9721a88a146760bc531a8c71d123f64cbe3bd9e03ba295d2308c48f65d87a5e44f1e6c8581bb096557adc96ae6
SSDEEP

3072:BjnpDJoKWoo54HlypKPu+LGZLY7HC0mbVEKiZWaA2kwTagzh9DsCh87tYubh:JnpDJN/nFypopi0mZpnOfuCzAh

Score

1^/10

Malware Config

Signatures

Files

NEAS.e9b43d1f93bb1f3cc8f5f10bc74c0b30_JC.exe
.dll regsvr32 windows:10 windows x86

cdc7249762e30709a3d6015a5741da2b

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2015 17:15

Not After

18-11-2016 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:9b:9f:1f:82:0d:e1:14:eb:46:91:ed:5f:0a:e6:af:3f:26:5d:37:50:dd:45:b1:83:0e:24:69:c7:bb:0d:a6
Signer

Actual PE Digest

f4:9b:9f:1f:82:0d:e1:14:eb:46:91:ed:5f:0a:e6:af:3f:26:5d:37:50:dd:45:b1:83:0e:24:69:c7:bb:0d:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

ntdll

RtlStringFromGUID
RtlFreeHeap
RtlFreeUnicodeString
RtlAllocateHeap
RtlUnwind

kernel32

SetFileAttributesA
FindClose
GetModuleHandleA
FindNextFileW
CloseHandle
GetWindowsDirectoryW
DeleteFileA
OutputDebugStringA
Sleep
LocalAlloc
LocalFree
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
SetLastError
DeviceIoControl
GetVersionExA
FindFirstVolumeW
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LockResource
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
lstrlenW
lstrlenA
GetCommandLineA
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
LoadLibraryExW
HeapCreate
VirtualFree
GetStdHandle
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileAttributesA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WaitForSingleObject
GetExitCodeProcess
GetFileSizeEx
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetEnvironmentVariableA
CreateFileW
GetSystemDirectoryA
ReadFile
CopyFileW
WriteFile
SetFilePointerEx
SetFilePointer
FindFirstFileW
CreateFileA
CompareStringA
lstrcmpiA
GetLastError
RaiseException
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
TerminateProcess
CreateProcessA

advapi32

RegDeleteValueA
RegEnumKeyExA
RegEnumKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
QueryServiceConfigA
RegOpenKeyExW
RegEnumValueW
OpenSCManagerA
RegDeleteValueW
RegOpenKeyExA
RegCreateKeyExA
ChangeServiceConfigA
RegQueryValueExW
RegCreateKeyExW
RegSetValueExA
CloseServiceHandle
OpenServiceA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VariantClear
GetErrorInfo

user32

UnregisterClassA
MessageBoxA
CharNextA

shell32

SHGetFileInfoA

setupapi

SetupDiOpenDeviceInfoW
CM_Get_Parent_Ex
CM_Get_Device_ID_ExW
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
CM_Get_Parent
SetupDiGetDeviceInstanceIdW
SetupDiGetDriverInfoDetailW
SetupDiSetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupGetLineTextW
SetupGetLineCountW
SetupGetFieldCount
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoW
SetupCloseInfFile
SetupGetLineByIndexW
SetupGetStringFieldW
SetupDiGetINFClassW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDA
SetupDiCreateDeviceInfoA

newdev

UpdateDriverForPlugAndPlayDevicesW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdc7249762e30709a3d6015a5741da2b

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f4:9b:9f:1f:82:0d:e1:14:eb:46:91:ed:5f:0a:e6:af:3f:26:5d:37:50:dd:45:b1:83:0e:24:69:c7:bb:0d:a6Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ole32

oleaut32

user32

shell32

setupapi

newdev

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 185KB

.data Size: 4KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f4:9b:9f:1f:82:0d:e1:14:eb:46:91:ed:5f:0a:e6:af:3f:26:5d:37:50:dd:45:b1:83:0e:24:69:c7:bb:0d:a6
Signer

.text
Size: 185KB - Virtual size: 185KB

.data
Size: 4KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB