NEAS[.]5b52f5f5c427261af6f1e69affa8dbb0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5b52f5f5c427261af6f1e69affa8dbb0.exe
Size

166KB
MD5

5b52f5f5c427261af6f1e69affa8dbb0
SHA1

3322ccc7899354a36d7cc95496fb5e5308978e9c
SHA256

3bb98ca3a537dffeb3a36f68b4445a3df7fc08dc42d270109ec27527618196f8
SHA512

029aa1714c57eb1e9c999b67cd8140b018a43f7c25f90f7ec403bea7408ff94004ca06c20bc5f09badf9c0f3981617557f913e17c12506955551d53ef384ba3c
SSDEEP

1536:Qd7o8bpeaF71BPbC3IO2t3BYenXMCFGBkR+yOc82RcC:43p5rCi3BZcCFDfOc82RcC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5b52f5f5c427261af6f1e69affa8dbb0.exe

Files

NEAS.5b52f5f5c427261af6f1e69affa8dbb0.exe
.exe windows:4 windows x86

0b43c53db3ca727803a8785b664a187d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xbtbase1

DIRMAKE

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?retNil
?conNRelease
?frameExit
?ehUnwind
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
_QUIT
?conNReleaseL
?passParameter
?symPrivateConst
ACREATE
SETAPPWINDOW
?conSendItem
?domAssign
ARRAY
EMPTY
?retStackValue
?getRFPC
?domRefElem
?domGetElem
?domValLECmp
?domSub
?domDiv
INT
?symRefItemConst
?conAssignRefWMember
?pushCodeBlock
?conMemberToItem
NATIONMSG
SETAPPFOCUS
CHR
?domAdd
FILE
?domNot
ALLTRIM
RIGHT
?retStackItem
DIRECTORY
LEN
?domNEql
?andShortCut
?domAnd
__vft20ConStringConstObject10AtomObject
?domAddEqu
AT
LEFT
FATTR
FERASE
DLLCALL
CONFIRMBOX
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version
?conNewString
DLLLOAD
DLLUNLOAD
?nomClassLock
?nomClassUnlock
?retObject
?conNewNil
XBPBASEDIALOG
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conRelease
?conGetSelfClass
XBPBASECRT
XBPBASECOMBOBOX
XBPBASELISTBOX
XBPBASEPUSHBUTTON
XBPBASESPINBUTTON
XBPBASEMENUBAR
XBPBASEMENU
XBPBASESLE
XBPBASEMLE
XBPBASETREEVIEW
XBPBASETREEVIEWITEM
XBPBASE3STATE
XBPBASETABPAGE
XBPBASESCROLLBAR
XBPBASECHECKBOX
XBPBASERADIOBUTTON
XBPBASESTATIC
XBPBASEPRESSPACE
?domXEql
?orShortCut
?domOr
SETMOUSE
ACLONE
BAND
VALTYPE
?domValXEql
UPPER
?pushDynamicCodeBlock
ASCAN
SHELLLINKRESOLVE
AEVAL
FOPEN
FSIZE
FREADSTR
FCLOSE
SUBSTR
PCOUNT
?domLCmp
?domValNEql
GRAQUERYTEXTBOX
?conOpNewInt
L2BIN
?domMul
SET
CONVTOANSICP
?domGCmp
APPEVENT
SETAPPEVENT
EVAL
REPLICATE
BIN2L
__vft21ConNumericFloatObject10AtomObject
?domValEql
LOADRESOURCE
PROCNAME
THREADID
DOSERROR
ERRORBLOCK
ERROR
BREAK
WORKSPACELIST
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
?ehUnsetContext
?ehGetBreakContainer
DBRROLLBACK
DBELOAD
ALERT
DBEBUILD
DBSESSION
?domEql
ISFUNCTION
?executeMacro
AADD
STR
LTRIM
DOSERRORMESSAGE
APPTYPE
ROW
COL
SETPOS
_BREAK
ERRORLEVEL
ISMETHOD
?domInc
TRIM
PROCLINE
?floadTos
STRTRAN
?domValGCmp
ROOTCRT
PADL
TONE
QOUT
OUTERR
MSGBOX
APPNAME
DATE
TIME
VERSION
OS
SPACE
VAR2CHAR
QQOUT
MLCOUNT
MEMOLINE
RTRIM

xppdbgc

__XPPdbgClient

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b43c53db3ca727803a8785b664a187d

Headers

File Characteristics

Imports

xbtbase1

xpprt1

xppdbgc

Sections

.text Size: 136KB - Virtual size: 136KB

.data Size: 14KB - Virtual size: 14KB

.xpp Size: 2KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 136KB

.data
Size: 14KB - Virtual size: 14KB

.xpp
Size: 2KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 6KB - Virtual size: 5KB