41e60fd055b77d6fbbf4bb52909355c0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41e60fd055b77d6fbbf4bb52909355c0_NEIKI
Size

176KB
MD5

41e60fd055b77d6fbbf4bb52909355c0
SHA1

1806599acffc7d7ee89d61d934f5f8b0cda5a22a
SHA256

c81274314da4803ccf3988c3f95723dddaa96b4bb3c59bc6851370f4e45da518
SHA512

802d69fb6b44d526dd688661f1147cbcd9c081cf2f7d04a8148242f5862cc8457e4cf6cb96a21d111b1c0dc2c8dbbca1850be7c6d0637adb68416332f74c5511
SSDEEP

768:Ac/TbblFpQNwC3BEc4QEfu0Ei8XxNDI/vFaaz6JZ1Ssw63BEfL:x7bbl/eThavEjDUvFaaAXZL0L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e60fd055b77d6fbbf4bb52909355c0_NEIKI

Files

41e60fd055b77d6fbbf4bb52909355c0_NEIKI
.exe windows:4 windows x86 arch:x86

1639b1e17656fed4f63bac94cbb79cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord546
ord547
ord580

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE