NEAS[.]0cfddc98fa44bbf2f169b2b6668d63f0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.0cfddc98fa44bbf2f169b2b6668d63f0_JC.exe
Size

701KB
MD5

0cfddc98fa44bbf2f169b2b6668d63f0
SHA1

d6fb304614cd2ea33f1263d5ad3bd3d0d6b3c4a2
SHA256

2ed2c224933d36d9959ccc59382a1e38675af7d278c0abdd023ce9cd326cd6e9
SHA512

55d0e7ad9edac269e5504b51c3c7996e96508dbd23a3ecf52c19b9455a32cdc8da03d12ea390227fd30f74b750ac6b42851adf34d7b180c609f87c510c09332c
SSDEEP

12288:e3c1UCtG6eXIdHNugybjMYJzCef2mJCfkowGqav0klllHCEK:eyUCEXXd6A4Jll0EK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0cfddc98fa44bbf2f169b2b6668d63f0_JC.exe

Files

NEAS.0cfddc98fa44bbf2f169b2b6668d63f0_JC.exe
.exe windows:4 windows x86

de12f65c3e6479c7fef6913aabc1af6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?domAssign
?momSOff
UPPER
?domValXEql
SETCURSOR
?retStackValue
SAVESCREEN
INKEY
?domNEql
?andShortCut
?domAnd
?domValEql
?domValNEql
?domSub
?domAdd
?domNot
RESTSCREEN
?retStackItem
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
FOPEN
?domValGCmp
FCREATE
QOUT
FCLOSE
SCROLL
?domLCmp
DEVPOS
PAD
DEVOUT
?domGCmp
?domDiv
?domMul
FSEEK
STR
FWRITE
?domLECmp
FREADSTR
VAL
SPACE
FREAD
CHR
SUBSTR
AT
__vft19ConNumericIntObject10AtomObject
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
?symPrivateConst
?getRFPC
?symRefItemConst
FCOUNT
ARRAY
?getWFPC
?domInc
?domValLECmp
?domGetElem
?symGetItemConst
?executeMacro
TRIM
ALLTRIM
DTOS
?domRefElem
ALIAS
RECNO
DATE
DTOC
?conNNewNil
?symPublicConst
FILE
SETPOS
GET
ROW
COL
EMPTY
?pushCodeBlock
?conSendItem
AADD
ACREATE
LASTKEY
RAT
DBSELECTAREA
DBUSEAREA
DBSETINDEX
SELECT
ORDSETFOCUS
DBGOTOP
SET
DBSEEK
FOUND
EOF
?orShortCut
?domOr
?retNil
?symPublicFalse
?executeLMacro
DBSKIP
?symParameterConst
_QUIT
PCOUNT
INDEXORD
ASCAN
DBGOTO
FIELDPOS
FIELDPUT
DBUNLOCK
DBDELETE
LASTREC
BOF
?Xb2MacroSubstStringConst
SETCOLOR
TYPE
?domEql
ACOPY
DISPBOX
?domValLCmp
ADEL
AINS
RLOCK
DBAPPEND
NETERR
LEN
STRTRAN
ASC
?domGECmp
?domValSubStr
?conNewCon
?conRelease
REPLICATE
INT
MAXROW
MAXCOL
?domPostInc
_ATPROMPT
_KEYBOARD
_MENUTO
FERROR
SETPRC
?conNewString
TONE
ISPRINTER
RTRIM
LOWER
SETKEY
MEMOEDIT
?getWCFC
RECCOUNT
MIN
ACHOICE
?domXEql
YEAR
MONTH
DAY
DBLOCATE
CDOW
CTOD
?domDec
?domMod
DBPACK
FERASE
DBCOPYEXTSTRUCT
DBCLOSEAREA
DBCREATEINDEX
FRENAME
ORDLISTREBUILD
DBCLOSEALL
___iniStart
___iniGetDLLInitHook
___xpprt1Version
___iniInitM
___iniInitFS
___iniCall
__conRelease
DBSTRUCT
VALTYPE
?domSubStr
?domAddEqu
LTRIM
BREAK
ERRORBLOCK
?ehUnsetContext
?ehGetBreakContainer
FIELDGET
AEVAL
?conAssignRefWMember
PROCNAME
PROCLINE
?conMemberToItem
EVAL
QQOUT
NATIONMSG
DISPOUT
TRANSFORM
?conOpNewInt
DBESETDEFAULT
DBELIST
DBELOAD
DBEINFO
DBEUNLOAD
ATAIL
ASIZE
DBCREATE
DBEVAL
DELETED
ERROR
?setSWArea
?restWArea
ACLONE
FIELDNAME
AFILL
DBCOPYSTRUCT
?getRCFC
LASTAPPEVENT
MAX
APPEVENT
SETAPPEVENT
SETAPPWINDOW
?retObject
?nomClassLock
?nomClassUnlock
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conGetSelfClass
?conGetClass
SETMOUSE
APPTYPE
APPDESKTOP
XBPCRT
APPNAME
ROOTCRT
DBCOMMITALL
ALERT
DBEBUILD
_BREAK
ERRORLEVEL
CONFIRMBOX
?floadTos
PADL
MSGBOX
TIME
VERSION
OS

xppdbgc

__XPPdbgClient

Sections

.text
Size: 593KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de12f65c3e6479c7fef6913aabc1af6a

Headers

File Characteristics

Imports

xpprt1

xppdbgc

Sections

.text Size: 593KB - Virtual size: 592KB

.data Size: 42KB - Virtual size: 41KB

.xpp Size: 4KB - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 593KB - Virtual size: 592KB

.data
Size: 42KB - Virtual size: 41KB

.xpp
Size: 4KB - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 21KB