nefilim | 447bd8bf62c014f573447c63634520372aa08ba359d0bc87b631e09d0c209fb9 | Triage

Sharing

General

Target

447bd8bf62c014f573447c63634520372aa08ba359d0bc87b631e09d0c209fb9
Size

108KB
MD5

219d8a8b83031ac0096dd3e42f9afd4f
SHA1

701f4751fbf99ed03ffb178d0126f31b10a70226
SHA256

447bd8bf62c014f573447c63634520372aa08ba359d0bc87b631e09d0c209fb9
SHA512

8566277121f4b875664592cacc137dc8770a09b618e01368bbdc942b6ddca55882077ccb928641ab33fc5bc3abc137cab1f96eb36096f5c90a73e66e797999f5

Score

10^/10

upx nefilim

Malware Config

Signatures

Nefilim Ransomware Executable 1 IoCs

File contains patterns typical of Nefilim samples.

Processes:

resource	yara_rule
sample	nefilim_ransomware

Nefilim family
nefilim

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
sample	upx

Files

447bd8bf62c014f573447c63634520372aa08ba359d0bc87b631e09d0c209fb9
.exe windows x86

35f7171c074e35f1274e48a67e3185dc

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FindFirstFileW
lstrlenA
GetDriveTypeW
HeapAlloc
SetFilePointerEx
HeapFree
WaitForSingleObject
GetLogicalDrives
GetProcessHeap
WriteFile
Sleep
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
SetLastError
MoveFileW
FindClose
lstrcmpiW
lstrcatW
FindNextFileW
CloseHandle
lstrcpyW
CreateThread
GetTempPathW
GetProcAddress
LoadLibraryA
CreateMutexA
GetCommandLineW

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE