NEAS[.]6e1b34853e05cbd10441be57fcd60e90_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6e1b34853e05cbd10441be57fcd60e90_JC.exe
Size

1.5MB
MD5

6e1b34853e05cbd10441be57fcd60e90
SHA1

11d89297051724c135ea884fd1ed004e7caacceb
SHA256

af149348cbc125bce1157a660781a062717e18bf09bc0dc4d005e8ef92ed5f40
SHA512

22176482c90d33f8115e2bf8ae2bd6fcbd050885cba64b463703e0427bca5b6a2bff1decb2a05c006ebf8407e653029c08d632600b9467683623f664c2e70258
SSDEEP

24576:nmrCPDfBUH+AirApRAAW3zeROHBMpLH0jlvFE8wEUUy5YcX+:miDAirApRA5N+hP5vX+

Score

1^/10

Malware Config

Signatures

Files

NEAS.6e1b34853e05cbd10441be57fcd60e90_JC.exe
.dll windows:4 windows x86

03163b210617e138415f5faf762ae081

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:7e:e9:8f:97:c0:7d:a5:66:40:87:0b:95:a2:75:d3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/08/2012, 00:00

Not After

24/08/2013, 23:59

Subject

CN=Kings Information & Network Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Business Support Department,O=Kings Information & Network Co.\, Ltd.,L=Hanamsi,ST=Gyeonggido,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:61:94:b7:13:cb:b1:6e:2a:ad:5f:2e:7c:47:aa:e3:fe:db:87
Signer

Actual PE Digest

69:cb:61:94:b7:13:cb:b1:6e:2a:ad:5f:2e:7c:47:aa:e3:fe:db:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
MoveFileExA
MoveFileA
WinExec
CreateProcessA
GetExitCodeProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateMutexA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetHandleInformation
GetSystemInfo
GlobalMemoryStatusEx
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
Sleep
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetFilePointer
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
OpenMutexA
FindResourceA
LoadResource
SizeofResource
LockResource
GetFileAttributesA
SetFileAttributesA
WriteFile
CreateDirectoryA
CopyFileA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTickCount
GetModuleHandleA
GetCurrentThread
GetCurrentProcess
LocalAlloc
GetCurrentThreadId
LocalFree
GetModuleFileNameA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileStringA
OpenProcess
TerminateProcess
DeviceIoControl
CreateFileA
OutputDebugStringA
GetLastError
CloseHandle
GetSystemDirectoryA
GetLocalTime
GetVersionExA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
HeapCreate
HeapDestroy
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
FreeLibrary
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
GetLocaleInfoA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
FatalAppExitA
GetTimeZoneInformation
GetSystemTime
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetEnvironmentVariableA

user32

wsprintfA
GetParent
FindWindowA
MessageBoxA
CallNextHookEx
GetClassNameA
PostMessageA
IsWindow
ToUnicodeEx
ToUnicode
ToAsciiEx
CallWindowProcA
GetWindowTextA
IsWindowUnicode
SetWindowLongW
SetWindowLongA
GetWindowThreadProcessId
SetTimer
KillTimer
GetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
SendMessageTimeoutA
GetActiveWindow
MapVirtualKeyA
GetKeyState
GetAsyncKeyState
GetKeyboardState
ToAscii
GetFocus
GetKeyboardLayout
GetForegroundWindow

advapi32

GetLengthSid
CloseServiceHandle
OpenSCManagerA
ChangeServiceConfigA
OpenServiceA
RegLoadKeyA
RegRestoreKeyA
RegSaveKeyA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegOpenKeyExA
GetSecurityDescriptorSacl
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
DeleteService
ControlService
StartServiceA
CreateServiceA
GetCurrentHwProfileA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

imagehlp

MakeSureDirectoryPathExists

imm32

ImmGetContext
ImmSetConversionStatus
ImmGetConversionStatus
ImmReleaseContext

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

urlmon

URLDownloadToFileA

shlwapi

PathFileExistsA

Exports

Exports

kdfAutoStart
kdfAutoStartClean
kdfAutoStartCleanB
kdfAutoStartCleanD
kdfAutoStartV
kdfAutoStart_PIDTID
kdfAutoStart_h
kdfCkeckKeylogger
kdfExProtect
kdfGetVersion
kdfSelfCheckIntegrity
kdfSetFlashE2E_INJ
kdfSetImageDir
kdfWebBrowserContextMenu
kdfWebBrowserHandleAdd
kdfWebBrowserHandleRemove

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03163b210617e138415f5faf762ae081

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6b:7e:e9:8f:97:c0:7d:a5:66:40:87:0b:95:a2:75:d3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

69:cb:61:94:b7:13:cb:b1:6e:2a:ad:5f:2e:7c:47:aa:e3:fe:db:87Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

imagehlp

imm32

version

urlmon

shlwapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6b:7e:e9:8f:97:c0:7d:a5:66:40:87:0b:95:a2:75:d3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

69:cb:61:94:b7:13:cb:b1:6e:2a:ad:5f:2e:7c:47:aa:e3:fe:db:87
Signer

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 12KB - Virtual size: 11KB