urelas | c6761f9525487fd6a348be1a4474e210_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6761f9525487fd6a348be1a4474e210_NEIKI
Size

557KB
MD5

c6761f9525487fd6a348be1a4474e210
SHA1

1be45995fe4db69ffd268df7874ec994aa1ed725
SHA256

54f5fad1e7cb913d10cbdee3fa2db0ffeb03e8cfd0ee87b8f2a11577b74d42d8
SHA512

77628747b54f016bc1a279465a545677634e6dbc36efa296fa0432924dd22c175c4dc3edc76670f78bd3790bca0d713759aef435b31d55181ca83ff3fa98dc7c
SSDEEP

6144:XqXAoQT5Tr9R0HN/3w36EnCYLTczqMgknE/QhyjxJBErrZAWkPW5oeNtLjhtAWCV:6QRI/3w36EnCYcBE/iydJai/WZtk

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6761f9525487fd6a348be1a4474e210_NEIKI

Files

c6761f9525487fd6a348be1a4474e210_NEIKI
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 186KB - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 325KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE