NEAS[.]613988586605d346954ab45c6ae83360_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.613988586605d346954ab45c6ae83360_JC.exe
Size

57KB
MD5

613988586605d346954ab45c6ae83360
SHA1

a7d14a2a9040be352307d3dca6a48f733ccdb58b
SHA256

c4e9aae92fbd38d1f30248d87792ce41ab7ffb9c80f9f498117f791e0fa886ac
SHA512

42b9d7e0a9786017f4c10f34c994325588344b314e12b92d77646f47c65aec23c03b9faa26b2b5d2fcc3b971c56df7ca2e97fee0ad3815a85dc3182c5fa7a200
SSDEEP

1536:1BBuooMysteZfkSLwKaO7BCz8i8sEn4dtgEBHb:1nuooMyste9kUv7M4xsQ4dtgExb

Score

1^/10

Malware Config

Signatures

Files

NEAS.613988586605d346954ab45c6ae83360_JC.exe
.exe windows:6 windows x86

d4c240b618b0af2d51499afd7062c8a8

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:ea:0d:85:65:00:8c:c0:44:06:c0:51:04:11:35:48:2c:4d:ed:26:10:41:01:a6:fb:e9:64:a6:92:40:c2:2d
Signer

Actual PE Digest

e8:ea:0d:85:65:00:8c:c0:44:06:c0:51:04:11:35:48:2c:4d:ed:26:10:41:01:a6:fb:e9:64:a6:92:40:c2:2d

Digest Algorithm

sha256

PE Digest Matches

true

6d:f4:11:a0:7c:4e:07:a2:52:fa:0c:e0:f9:9a:0f:78:fb:e9:29:34
Signer

Actual PE Digest

6d:f4:11:a0:7c:4e:07:a2:52:fa:0c:e0:f9:9a:0f:78:fb:e9:29:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

kernel32

GlobalUnlock
FreeLibrary
GetFileAttributesW
GetUserDefaultUILanguage
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
FormatMessageW
LoadLibraryW
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
GlobalLock
GetCurrentThreadId
CloseHandle
CreateEventW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringW
InitializeSListHead
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent

vcruntime140

_except_handler4_common
__std_terminate
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
memset
_CxxThrowException
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

iswdigit
iswxdigit
wcsncpy_s
wcstok_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

mfc140u

ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord6129
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord6549
ord1002
ord1133
ord12526
ord7654
ord6495
ord10250
ord14785
ord5781
ord12887
ord9990
ord9525
ord286
ord5109
ord8464
ord2383
ord928
ord1412
ord13963
ord8048
ord4815
ord10379
ord7653
ord995
ord1472
ord2246
ord5117
ord12559
ord2304
ord4589
ord6804
ord6860
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord5003
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord5019
ord8470
ord2990
ord12884
ord14417
ord14411
ord8360
ord458
ord1111
ord7493
ord2215
ord3697
ord10472
ord2750
ord4885
ord4092
ord3833
ord9468
ord890
ord1391
ord11038
ord7820
ord2303
ord13544
ord1523
ord2256
ord280
ord2335
ord1066
ord1179
ord6531
ord9210
ord12172
ord2760
ord13752
ord6218
ord3164
ord3403
ord3404
ord11396
ord12131
ord11015
ord9040
ord1653
ord2996
ord8756
ord12641
ord4219
ord3145
ord9126
ord6490
ord2753
ord14573
ord3874
ord2994
ord8745
ord4224
ord3189
ord9131
ord6588
ord14507
ord4477
ord7027
ord2409
ord2761
ord8210
ord3302
ord3305
ord13756
ord6220
ord14137
ord296
ord5653
ord8157
ord4886
ord9513
ord1374
ord853
ord1045
ord4323
ord1525
ord4936
ord4942
ord1777
ord1756
ord4997
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord5013
ord12220
ord8965
ord14588
ord11936
ord4954
ord3838
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord4960
ord4966
ord8386
ord4948
ord7941
ord10285
ord5961

user32

FindWindowW
SetForegroundWindow
LoadIconW
GetSystemMenu
DeleteMenu
EnableWindow
SendMessageW
GetWindowThreadProcessId
AttachThreadInput
SetFocus
IsIconic
AppendMenuW
GetSystemMetrics
GetClientRect
DrawIcon
WinHelpW
IsClipboardFormatAvailable
GetParent
CloseClipboard
GetClipboardData
OpenClipboard

comctl32

InitCommonControlsEx

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4c240b618b0af2d51499afd7062c8a8

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8fCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

e8:ea:0d:85:65:00:8c:c0:44:06:c0:51:04:11:35:48:2c:4d:ed:26:10:41:01:a6:fb:e9:64:a6:92:40:c2:2dSigner

6d:f4:11:a0:7c:4e:07:a2:52:fa:0c:e0:f9:9a:0f:78:fb:e9:29:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

mfc140u

user32

comctl32

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 100B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e8:ea:0d:85:65:00:8c:c0:44:06:c0:51:04:11:35:48:2c:4d:ed:26:10:41:01:a6:fb:e9:64:a6:92:40:c2:2d
Signer

6d:f4:11:a0:7c:4e:07:a2:52:fa:0c:e0:f9:9a:0f:78:fb:e9:29:34
Signer

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 100B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB