6f31e939997fa1df06200fd3076cdda0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f31e939997fa1df06200fd3076cdda0_NEIKI
Size

5.8MB
MD5

6f31e939997fa1df06200fd3076cdda0
SHA1

4c74729d612237d6169f5ca7260bc35c43ca58c8
SHA256

33becaaabed1658fdeac9fcd2dff912da02340565dc28410cf58aa599b194363
SHA512

0ed6e225b0bba8740af2c1168f7e2c51b2c9c3995763139430f568f8214c08715c9774062390a23d1899aa945622f8a9942dfe7e30307392d56fe5f1155eb4c5
SSDEEP

98304:Bb/GCgq69JYTrPr4mFMNFthkwpmFOdpgN2ZCwK4dBuUTHKLS8dSY9cpk9hz:BDHWJUr4e4kwp/gNP7aBuWqLK+7z

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f31e939997fa1df06200fd3076cdda0_NEIKI

Files

6f31e939997fa1df06200fd3076cdda0_NEIKI
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 622KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ