NEAS[.]a89bd54ed77e891783d7cee99a4633a0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a89bd54ed77e891783d7cee99a4633a0_JC.exe
Size

133KB
MD5

a89bd54ed77e891783d7cee99a4633a0
SHA1

95c11c9f0c25c315589c7a803d36ac473b65480e
SHA256

8dec7a072a8459ae01fb26a70f14f54f257e539936d6dc24c4602bd04d204d1d
SHA512

67e164eacb027ea2d998c9dcc7887adf4ef904edb8bbb574968ca4edf551dd94918204541e6bfbd2b14d8d45a295d3aa15d20da7119e35715fa7192d7451976c
SSDEEP

3072:IaoSqv6BB8E/igPhWKINGunrTFfOlOUwO7:2sPigoKIprhfOlF7

Score

1^/10

Malware Config

Signatures

Files

NEAS.a89bd54ed77e891783d7cee99a4633a0_JC.exe
.dll windows:5 windows x64

3480ae98eb8b90ff5421cc315b420163

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:c1:5b:3f:aa:cd:52:6a:4e:67:bd:3c:4e:7e:3f:f2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2012, 00:00

Not After

20/09/2015, 23:59

Subject

CN=Autodesk\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:2b:d6:cb:21:ed:3c:a9:d3:d5:62:47:d6:f9:b3:2c:02:59:24:19
Signer

Actual PE Digest

00:2b:d6:cb:21:ed:3c:a9:d3:d5:62:47:d6:f9:b3:2c:02:59:24:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
LocalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer

msvcp100

?_Incref@facet@locale@std@@QEAAXXZ
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z

msvcr100

free
_initterm_e
_initterm
_malloc_crt
strerror
__CxxFrameHandler3
_CxxThrowException
??2@YAPEAX_K@Z
_purecall
??3@YAXPEAX@Z
??1exception@std@@UEAA@XZ
__crt_debugger_hook
memmove
memcpy
??0exception@std@@QEAA@AEBV01@@Z
?what@exception@std@@UEBAPEBDXZ
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_encoded_null
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_wcsicmp
__FrameUnwindFilter
_cexit
??_V@YAXPEAX@Z
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__C_specific_handler
_amsg_exit
??0exception@std@@QEAA@AEBQEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow

mc3

?Create@CMLState@@SAPEAV1@PEB_W@Z
?Create@CMLAttribute@@SAPEAV1@PEB_W0@Z
?Create@CMLWaypoint@@SAPEAV1@PEB_W@Z
?IsMC3Active@CMLFacade@@SA_NXZ
?IsMC3Initialized@CMLFacade@@SA_NXZ
?WaypointReached@CMLFacade@@SAXPEAVCMLWaypoint@@@Z

acad.exe

AcadGetIDispatch

accore

acedHelp

user32

WinHelpW
GetActiveWindow

oleaut32

SysFreeString

mfc100u

ord296
ord890
ord1290

mscoree

_CorDllMain

Exports

Exports

?SelectCoordSysFromManagedUI@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
LaunchCreationWizard
SetHelpAndCipHandler

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3480ae98eb8b90ff5421cc315b420163

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

29:c1:5b:3f:aa:cd:52:6a:4e:67:bd:3c:4e:7e:3f:f2Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

00:2b:d6:cb:21:ed:3c:a9:d3:d5:62:47:d6:f9:b3:2c:02:59:24:19Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp100

msvcr100

mc3

acad.exe

accore

user32

oleaut32

mfc100u

mscoree

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.nep Size: 2KB - Virtual size: 2KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 550B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

29:c1:5b:3f:aa:cd:52:6a:4e:67:bd:3c:4e:7e:3f:f2
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

00:2b:d6:cb:21:ed:3c:a9:d3:d5:62:47:d6:f9:b3:2c:02:59:24:19
Signer

.text
Size: 23KB - Virtual size: 22KB

.nep
Size: 2KB - Virtual size: 2KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 550B