NEAS[.]af13c2b880cf8ef4c73b749b49cc6460_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.af13c2b880cf8ef4c73b749b49cc6460_JC.exe
Size

605KB
MD5

af13c2b880cf8ef4c73b749b49cc6460
SHA1

3390a4d0edd958e5a5f17415f1c0b39691e49cdb
SHA256

0229f5769391752f5623dc8a2c4c631763972475877e894094e576fdf5725313
SHA512

b1c0ca94d2a828edd0b4656d63c1b9bca4ef39be298546828fc370f28091cc5da87232931ed7c9efecc667231b5d858632e2d381ef704d152a7c7e243fc098d9
SSDEEP

12288:wkue3L4ak377jtv3yrTbK00sR6JsS+IyiW+ZSWVecI4l:2eUVpvqTbK00sRVSRyiW3W8c

Score

1^/10

Malware Config

Signatures

Files

NEAS.af13c2b880cf8ef4c73b749b49cc6460_JC.exe
.exe windows:4 windows x86

40d8f5a805e0e7c57ca868098791ddfd

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:a7:d3:40:2f:4f:2d:31:50:9e:0f:d2:98:3a:b3:6e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20-06-2012 00:00

Not After

21-06-2013 23:59

Subject

CN=Oberon Media\, Inc.,OU=Game Center+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Oberon Media\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:7c:3a:58:31:c6:d5:e6:24:ad:71:3f:ff:1b:9c:95:87:be:90:ce
Signer

Actual PE Digest

c7:7c:3a:58:31:c6:d5:e6:24:ad:71:3f:ff:1b:9c:95:87:be:90:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetCrackUrlA

kernel32

SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetStartupInfoA
RtlUnwind
ExitProcess
ExitThread
CreateThread
UnlockFile
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
RaiseException
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
SuspendThread
SetThreadPriority
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
SetFileAttributesA
GetFileAttributesA
OutputDebugStringA
GlobalFree
CreateFileA
GetFileSize
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
InterlockedDecrement
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
LocalAlloc
LocalFree
LoadLibraryA
FreeLibrary
ExpandEnvironmentStringsW
GetModuleHandleA
GetProcAddress
GlobalAlloc
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExA
GetVersionExA
lstrcpynA
CompareStringW
GetEnvironmentVariableA
GetVersion
CompareStringA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
CopyFileA
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
lstrlenW
GetModuleFileNameW
ResumeThread
SetProcessShutdownParameters
GetProcessShutdownParameters
GetCurrentProcess
SetProcessWorkingSetSize
OpenEventA
SetEvent
WaitForSingleObject
Sleep
GetLastError
CloseHandle
CreateEventA
lstrcpyA
DeleteAtom
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
CreateFileW

user32

UnregisterClassA
GetSysColorBrush
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetMenu
GetMenuItemInfoA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
IsDialogMessageA
SendDlgItemMessageA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
ScreenToClient
GrayStringA
TabbedTextOutA
CreateWindowExA
GetClientRect
ReleaseCapture
SetCapture
SetCursor
FillRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wvsprintfA
CharNextA
wsprintfA
CharUpperA
GetClassInfoA
KillTimer
SetTimer
PtInRect
EnableWindow
IsRectEmpty
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
DrawTextExA
DestroyIcon
MapDialogRect
InvalidateRgn
SetRect
CopyAcceleratorTableA
SetWindowTextA
LoadCursorA
GetParent
GetWindowLongA
SetPropA
SetWindowLongA
SendMessageA
GetDlgItem
GetPropA
CallWindowProcA
RemovePropA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
IsWindow
GetWindowThreadProcessId
PostQuitMessage
GetDC
GetDesktopWindow
DrawTextA
UpdateWindow
SetForegroundWindow
GetWindowRect
GetSystemMetrics
GetForegroundWindow
FindWindowA
GetWindowInfo
GetWindowModuleFileNameA
GetWindow
GetWindowTextA
LoadIconA
IsIconic
DrawIcon
PostMessageA
FrameRect
InflateRect
GetSysColor
DeferWindowPos

gdi32

GetTextExtentPoint32A
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
Escape
CreatePen
GetStockObject
SetViewportExtEx
OffsetViewportOrgEx
SetTextColor
CreateFontIndirectA
DeleteObject
GetObjectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
SelectObject
CreateSolidBrush
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AddAce
RegCreateKeyExA
RegQueryValueA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
GetUserNameA
LookupAccountNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetLengthSid
AddAccessDeniedAce
InitializeAcl
RegOpenKeyExA
IsValidAcl
GetSecurityDescriptorDacl
RegGetKeySecurity
RegSetKeySecurity
GetAclInformation
GetAce
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegNotifyChangeKeyValue

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

ord17

shlwapi

SHCopyKeyA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsW
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CoTaskMemAlloc
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
CoTaskMemFree
CLSIDFromString
CoCreateGuid
StringFromGUID2
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SafeArrayCreate
VarBstrFromDate
VarDateFromStr
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
DispCallFunc
SysAllocString
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

gethostbyname
htonl

sensapi

IsNetworkAlive

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40d8f5a805e0e7c57ca868098791ddfd

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

15:a7:d3:40:2f:4f:2d:31:50:9e:0f:d2:98:3a:b3:6eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c7:7c:3a:58:31:c6:d5:e6:24:ad:71:3f:ff:1b:9c:95:87:be:90:ceSigner

Headers

File Characteristics

Imports

psapi

version

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

sensapi

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 32KB - Virtual size: 31KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:a7:d3:40:2f:4f:2d:31:50:9e:0f:d2:98:3a:b3:6e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c7:7c:3a:58:31:c6:d5:e6:24:ad:71:3f:ff:1b:9c:95:87:be:90:ce
Signer

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 32KB - Virtual size: 31KB