7dd5a2ccfb63a1e5752477694d2ba2f0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

7dd5a2ccfb63a1e5752477694d2ba2f0_NEIKI
Size

1.6MB
MD5

7dd5a2ccfb63a1e5752477694d2ba2f0
SHA1

fd10fbae38d95393104c46b4f2848998e5596bb2
SHA256

ee9f8523964960a367665eb21791d5c9e9f57f09e24c2c7a697152e2e199c2a0
SHA512

64e13cf76dd5974b653d8fc28a49d35ac39e0425a68a2f7656ae55e8174663bcc51911ec468fa9af266647aa4064a575f03dcb39c68e92616c288c0c97bee4c1
SSDEEP

49152:Nxu4rMwCc/yDPy7FjkXVlwIMai5F1683kA:jMaa6k+IMai7NkA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

7dd5a2ccfb63a1e5752477694d2ba2f0_NEIKI
.exe windows:5 windows x86 arch:x86

Code Sign

3a:d6:a8:b7:39:a2:c3:a2:6d:40:40:6c:16:8c:4a:b9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-03-2016 00:00

Not After

02-03-2019 23:59

Subject

CN=Teknopars Bilisim Teknolojileri san. ve tic. ltd. sti.,OU=Arge,O=Teknopars Bilisim Teknolojileri san. ve tic. ltd. sti.,L=istanbul,ST=istanbul,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:63:32:7e:ce:92:51:f7:1b:c0:21:86:83:a7:96:61:73:cf:d6:9f:c2:eb:10:d9:21:04:01:5f:14:49:17:21
Signer

Actual PE Digest

40:63:32:7e:ce:92:51:f7:1b:c0:21:86:83:a7:96:61:73:cf:d6:9f:c2:eb:10:d9:21:04:01:5f:14:49:17:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 84B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

3a:d6:a8:b7:39:a2:c3:a2:6d:40:40:6c:16:8c:4a:b9Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

40:63:32:7e:ce:92:51:f7:1b:c0:21:86:83:a7:96:61:73:cf:d6:9f:c2:eb:10:d9:21:04:01:5f:14:49:17:21Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.1MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 47KB - Virtual size: 48KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.itext Size: 11KB - Virtual size: 11KB

.data Size: 81KB - Virtual size: 81KB

.bss Size: - Virtual size: 26KB

.idata Size: 17KB - Virtual size: 16KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 160B

.tls Size: - Virtual size: 84B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 383KB - Virtual size: 383KB

.rsrc Size: 408KB - Virtual size: 408KB

3a:d6:a8:b7:39:a2:c3:a2:6d:40:40:6c:16:8c:4a:b9
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

40:63:32:7e:ce:92:51:f7:1b:c0:21:86:83:a7:96:61:73:cf:d6:9f:c2:eb:10:d9:21:04:01:5f:14:49:17:21
Signer

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 47KB - Virtual size: 48KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.itext
Size: 11KB - Virtual size: 11KB

.data
Size: 81KB - Virtual size: 81KB

.bss
Size: - Virtual size: 26KB

.idata
Size: 17KB - Virtual size: 16KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 160B

.tls
Size: - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 383KB - Virtual size: 383KB

.rsrc
Size: 408KB - Virtual size: 408KB