NEAS[.]496cc165017e6196999cd2c3bd5d2aa0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.496cc165017e6196999cd2c3bd5d2aa0_JC.exe
Size

139KB
MD5

496cc165017e6196999cd2c3bd5d2aa0
SHA1

e3f181736458410ba2206ca04454377afd079626
SHA256

cbf8c0c2cd778310ef809a801df25a0de6e12ce2cec409d965969c46d9a9e0f2
SHA512

74c524c510c7b4813e08cc756e46736204f05313b901ce0d9232565f901e44ca71538cfe1fb7228bdfb6807b4f4f46b385eadbec95d16ae91137384176207e70
SSDEEP

1536:jR+J55n2Y397Z89BN9cXGNwe08xLeYJj:jGJ83MT8f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.496cc165017e6196999cd2c3bd5d2aa0_JC.exe

Files

NEAS.496cc165017e6196999cd2c3bd5d2aa0_JC.exe
.exe windows:4 windows x86

846aa33af2b740e460d95a0ce244cfd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

dclipx

DC_GETTEMPLATE
DC_GETLISTSET
DC_GETANCHORCB
DC_GETIDDEFAULT
DC_READGUIEVENT
DC_READGUI
DC_SETAPPFOCUS
DC_GETREFRESH

gufuncs

ZUWEIS
XAUF
SATZAPPE
SATZLOCK

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?conNewNil
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?conNNewNil
?momSOff
ACREATE
?symRefItemConst
SPACE
ARRAY
?domAssign
?getWFPC
?domInc
?getRFPC
AADD
?domRefElem
LEN
?pushCodeBlock
__vft19ConNumericIntObject10AtomObject
__vft20ConStringConstObject10AtomObject
ASIZE
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
EMPTY
?domNot
?retStackValue
?retStackItem
ALIAS
DBSEEK
FOUND
?getWCFC
?domSub
TRIM
SUBSTR
?setSWArea
DBCLOSEAREA
?restWArea
?domGetElem
?domSubStr
__vft14ConLogicObject10AtomObject
__vft14ConStringShort10AtomObject
ERRORBLOCK
LEFT
DATE
MONTH
STRZERO
DAY
SECONDS
STR
RIGHT
?domAdd
?conMemberToItem
?domXEql
?andShortCut
?domAnd
DBSESSION
?domEql
ISFUNCTION
?executeMacro
?conSendItem
?conAssignRefWMember
LTRIM
DOSERRORMESSAGE
APPTYPE
SETAPPWINDOW
ROW
COL
ALERT
SETPOS
_BREAK
ERRORLEVEL
_QUIT
ISMETHOD
PROCNAME
PROCLINE
CHR
STRTRAN
CONFIRMBOX
?domValGCmp
VALTYPE
BREAK
SET
?orShortCut
ROOTCRT
?domOr
?ehUnsetContext
?ehGetBreakContainer
?conRelease
PADL
TONE
QOUT
OUTERR
MSGBOX
REPLICATE
APPNAME
TIME
VERSION
OS
VAR2CHAR
QQOUT
AEVAL
MLCOUNT
MEMOLINE
RTRIM
?domValXEql
__vft21ConNumericFloatObject10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_2_00_0
___xpprt1Version

xppsys

APPEXIT
DBESYS

xppdbgc

__XPPdbgClient

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

846aa33af2b740e460d95a0ce244cfd4

Headers

File Characteristics

Imports

dclipx

gufuncs

xpprt1

xppsys

xppdbgc

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 8KB - Virtual size: 7KB

.xpp Size: 512B - Virtual size: 238B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 7KB

.xpp
Size: 512B - Virtual size: 238B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 5KB - Virtual size: 4KB