General
-
Target
NepLoader.exe
-
Size
6.7MB
-
MD5
e64b3596caa357bc1434eee8c980afda
-
SHA1
9aaebfda777a9ff8f178f55610ad80bc50a20b52
-
SHA256
240aeb0ed06a499eb0fc8ab0dc2d970cde772ca522d8d2fb15b3339e5b9d5951
-
SHA512
ff6a9f1d1c57ea56f2de8882cfba153fce98f6a09078c95e4a9c32914d029ce64eecbe741f98d8cba81288cdd6b2e68a8cfae319fe341fb4955251454966a79b
-
SSDEEP
196608:3z36q8uBIX3nJVYpmkuNLgN3L2NERTNDGS:r6q8ZXMpmk+LgIEwS
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NepLoader.exe
Files
-
NepLoader.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ