NEAS[.]ab0eb24c98b7182b6aab4df055d70f50_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ab0eb24c98b7182b6aab4df055d70f50_JC.exe
Size

1.4MB
MD5

ab0eb24c98b7182b6aab4df055d70f50
SHA1

642b8430f3513e7f533c42334811d8bd0570ee20
SHA256

ed84b931a87918678c32226e7dd834ffbb980cfcfea36e6462b8464955fd5913
SHA512

d4fe1a4583b824420e3aaa1d878375bfc98948db4c53c21509c9424a13f14c4201f5d1883ab22ecfccf38bf1939e53306ea57bdb582dbe022d573f3c0d50b7aa
SSDEEP

24576:pCi4mEtKIy+nbnKJ2m5n70HZIxl0qNKLL6FpqTereDwqFnCfuvuadh8V6je:Any+nTa70H+2wqOuvuadh8VKe

Score

1^/10

Malware Config

Signatures

Files

NEAS.ab0eb24c98b7182b6aab4df055d70f50_JC.exe
.dll windows:4 windows x86

89cdaa157b6698355028f37374fa0891

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fd:7c:46:f3:35:60:e2:47:5d:d9:23:c6:08:f9:3d:7d:35:9d:33:48:33:fb:38:09:88:a2:54:9c:95:6a:8e:59
Signer

Actual PE Digest

fd:7c:46:f3:35:60:e2:47:5d:d9:23:c6:08:f9:3d:7d:35:9d:33:48:33:fb:38:09:88:a2:54:9c:95:6a:8e:59

Digest Algorithm

sha256

PE Digest Matches

true

b4:fb:79:5e:aa:43:d5:17:cb:88:6e:83:92:62:b3:55:3e:b5:eb:94
Signer

Actual PE Digest

b4:fb:79:5e:aa:43:d5:17:cb:88:6e:83:92:62:b3:55:3e:b5:eb:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
GetLastError
CreateFileA
WaitForSingleObject
InitializeCriticalSection
CreateEventA
GetFileSize
EnterCriticalSection
TerminateThread
ReadFile
MultiByteToWideChar
lstrlenA
SetEvent
DeleteCriticalSection
lstrlenW
InterlockedDecrement
CloseHandle
TryEnterCriticalSection
LeaveCriticalSection
Sleep
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
FreeLibrary
GlobalFree
GetPrivateProfileStringA
CreateDirectoryA
GlobalAlloc
WritePrivateProfileStringA
GlobalMemoryStatusEx
OpenEventA
FindFirstFileA
FindClose
FindNextFileA
OutputDebugStringA
WideCharToMultiByte
GetThreadLocale
QueryPerformanceFrequency
GetTickCount
InterlockedIncrement
QueryPerformanceCounter
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoA
SetEndOfFile
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
SetFilePointer
MoveFileA
GetProcessHeap
GetVersionExA
VirtualAlloc
VirtualLock
VirtualProtect
VirtualFree
VirtualUnlock
GetCurrentProcess
SetLastError
SetHandleInformation
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
DeleteFileA
GetModuleHandleA
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCommandLineA
RemoveDirectoryA

user32

GetCursorPos

advapi32

RegCloseKey
RegQueryValueExA
SystemFunction036
RegOpenKeyExA

shell32

SHGetFolderPathA

ole32

CoCreateInstance
OleRun
CoInitialize

oleaut32

GetErrorInfo
VariantClear
VariantCopy
SysFreeString
SafeArrayCreate
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayPutElement

ws2_32

gethostname
getservbyname
getservbyport
WSASetLastError
inet_addr
gethostbyaddr
inet_ntoa
gethostbyname
bind
ntohs
ntohl
connect
socket
htons
select
recvfrom
htonl
shutdown
__WSAFDIsSet
getsockopt
ioctlsocket
WSAGetLastError
setsockopt
closesocket
recv
WSACleanup
WSAIoctl
getpeername
getsockname
accept
listen
send
WSAStartup
sendto

urlmon

URLDownloadToCacheFileA

iphlpapi

GetIpNetTable
GetBestRoute
GetBestInterface
GetIpAddrTable

Exports

Exports

GetNATType
GetUdpIPAndPort
QuerySeed
RelayPunchReq
ReportFileID
SendUdpData
SetQuerySeedCallback
SetRelayReqCallback
SetRelayRspCallback
SetUdpRecvCallback
TXP2P_CheckTaskFinish
TXP2P_ClearCache
TXP2P_ClearChargeVideoInfo
TXP2P_ClearExpirePrepushResource
TXP2P_DelTask
TXP2P_DeleteOfflineCache
TXP2P_DeleteOfflineData
TXP2P_DeleteOfflineFileCache
TXP2P_FreePrepushResourceInfoList
TXP2P_GetClipSize
TXP2P_GetLoopID
TXP2P_GetMediaData
TXP2P_GetOfflineFilePath
TXP2P_GetPrepushResourceInfoList
TXP2P_GetTaskInfo
TXP2P_GetTaskInfoEx
TXP2P_GetTaskLocalUrl
TXP2P_GetTaskProperty
TXP2P_GetTaskType
TXP2P_GetVersion
TXP2P_GetVersionNum
TXP2P_Init
TXP2P_IsInit
TXP2P_Log
TXP2P_NewTask
TXP2P_NewTaskByUrl
TXP2P_NewTaskByVinfo
TXP2P_ReadClipData
TXP2P_SetAppState
TXP2P_SetCallbackFunc
TXP2P_SetConfig
TXP2P_SetCurrentPlayerPos
TXP2P_SetGetVinfoFunc
TXP2P_SetHasDependencyTask
TXP2P_SetIsCharge
TXP2P_SetPlayFlowId
TXP2P_SetPlayTime
TXP2P_SetPlayerState
TXP2P_SetPrepushResourceValidTimestamp
TXP2P_SetPrepushTaskHttpMaxSpeed
TXP2P_SetSimpleLogFunc
TXP2P_SetTaskClipUrl
TXP2P_SetTaskDownloadFileidList
TXP2P_SetTaskEncryptInfo
TXP2P_SetTaskGUID
TXP2P_SetTaskM3u8
TXP2P_SetTaskUrl
TXP2P_SetUserData
TXP2P_SetVInfoJson
TXP2P_SetVinfoResult
TXP2P_StartTask
TXP2P_StopTask
TXP2P_Uninit
TestPunchType
_GetOriginalUrl@16
_GetPeerServerUin@0
_IsAdvUseProxy@0
_IsEncryptVideo@4
_IsVodUseProxy@0
_SetForceOnline@8
_TXP2P_CheckResourceFinish@4
_TXP2P_ClearM3u8@4
_TXP2P_ClearUserData@0
_TXP2P_CloseRequest@8
_TXP2P_DelAllTask@0
_TXP2P_GetCurrentBufferSize@4
_TXP2P_GetCurrentBufferTime@4
_TXP2P_GetCurrentPlayCDNURL@8
_TXP2P_GetDownloadSpeed@8
_TXP2P_GetGlobalErrorCode@4
_TXP2P_GetGlobalErrorCodeStr@16
_TXP2P_GetM3U8@12
_TXP2P_GetOfflineM3U8Path@16
_TXP2P_GetPlayContentType@12
_TXP2P_GetPlayPropertyInfo@8
_TXP2P_GetTaskCdnUrl@12
_TXP2P_GetTaskVinfo@16
_TXP2P_GetTotalTime@4
_TXP2P_GetTsCount@4
_TXP2P_GetTsSize@8
_TXP2P_GetUploadInfo@8
_TXP2P_IsTaskManagerIdle@0
_TXP2P_PushEvent@4
_TXP2P_ReadTsData@20
_TXP2P_ReleaseAllTaskMemory@0
_TXP2P_ReleaseTaskMemory@4
_TXP2P_RemoveOfflineCache@12
_TXP2P_SetAdvRemainTime@4
_TXP2P_SetCurrentAdvRemainTime@12
_TXP2P_SetCurrentTime@8
_TXP2P_SetGlobalErrorCode@8
_TXP2P_SetHasOfflineDownloadTask@4
_TXP2P_SetMemoryStatus@8
_TXP2P_SetRemainTime@8
_TXP2P_SetResourceSourceType@8
_TXP2P_SetServerConfig@4
_TXP2P_SetStorageDevicesInfo@4
_TXP2P_SetTaskCallback@12
_TXP2P_SetTaskStorageMode@8
_TXP2P_SetVInfoXml@12
_TXP2P_StartPlayByVid@32
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_hash_sha256
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_update
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_verify_16
randombytes
randombytes_buf
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_is_zero
sodium_malloc
sodium_memcmp
sodium_memzero
sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_munlock

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89cdaa157b6698355028f37374fa0891

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

fd:7c:46:f3:35:60:e2:47:5d:d9:23:c6:08:f9:3d:7d:35:9d:33:48:33:fb:38:09:88:a2:54:9c:95:6a:8e:59Signer

b4:fb:79:5e:aa:43:d5:17:cb:88:6e:83:92:62:b3:55:3e:b5:eb:94Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

urlmon

iphlpapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 224KB - Virtual size: 220KB

.data Size: 32KB - Virtual size: 565KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 68KB - Virtual size: 66KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fd:7c:46:f3:35:60:e2:47:5d:d9:23:c6:08:f9:3d:7d:35:9d:33:48:33:fb:38:09:88:a2:54:9c:95:6a:8e:59
Signer

b4:fb:79:5e:aa:43:d5:17:cb:88:6e:83:92:62:b3:55:3e:b5:eb:94
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 224KB - Virtual size: 220KB

.data
Size: 32KB - Virtual size: 565KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 68KB - Virtual size: 66KB