8f622ae2f3216ed3303ee84930aea7e0_NEIKI

Sharing

Copy URL

Twitter E-mail

General

Target

8f622ae2f3216ed3303ee84930aea7e0_NEIKI
Size

4.7MB
MD5

8f622ae2f3216ed3303ee84930aea7e0
SHA1

3ef71253f9231ef61b3265e7d50a5a0d4f21d222
SHA256

707556bc10e3d6217e6ac9177e9f98274b73da9d1a08b35d1621359ae12d05ed
SHA512

b5efebf1ee03a7b3676742fb275a054299b7ace9854f94e3b65f87785093e2964a93307eebf0f83d845fef1a72febc4d83e5bc45672726a0e842be94ee80f4a8
SSDEEP

98304:ehYLC+NHF76+MBTT19cY2t1AKo/X8D2cxfK4QkHi8CQb6cO9sKK:e6C+bIBWHAKo/IxJi8lP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f622ae2f3216ed3303ee84930aea7e0_NEIKI

Files

8f622ae2f3216ed3303ee84930aea7e0_NEIKI
.exe windows:5 windows x86 arch:x86

3e45c9e0d0948f183fc1786149b344eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
GetModuleHandleA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
ExitProcess

mscoree

_CorExeMain

Sections

Size: 825KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 386B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DcH
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.md'
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f/6
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xd>
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e45c9e0d0948f183fc1786149b344eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

Sections

Size: 825KB - Virtual size: 2.5MB

Size: 386B - Virtual size: 956B

Size: 15B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.DcH Size: 1024B - Virtual size: 8KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.1MB - Virtual size: 3.1MB

.md' Size: 666KB - Virtual size: 665KB

.f/6 Size: 512B - Virtual size: 52B

.xd> Size: 140KB - Virtual size: 139KB

.rsrc Size: 1024B - Virtual size: 956B

.reloc Size: 5KB - Virtual size: 4KB

.imports
Size: 512B - Virtual size: 8KB

.DcH
Size: 1024B - Virtual size: 8KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.md'
Size: 666KB - Virtual size: 665KB

.f/6
Size: 512B - Virtual size: 52B

.xd>
Size: 140KB - Virtual size: 139KB

.rsrc
Size: 1024B - Virtual size: 956B

.reloc
Size: 5KB - Virtual size: 4KB