4344a3c635f350c3a7e4f2ab713916f0_NEIKI | Triage

Sharing

General

Target

4344a3c635f350c3a7e4f2ab713916f0_NEIKI
Size

81KB
MD5

4344a3c635f350c3a7e4f2ab713916f0
SHA1

3a5974a899c18b3ed041481283d53078fc111b8c
SHA256

d9fbb60db42cfec8c07c289aa575a0891a9d73e3d8a17efb065659d05e1ef420
SHA512

a71d01b2d481ed8cca4b9f63cfb76c1e9f2fcd27cab696a21420cca0a8be21e5bd5138b2070a3e44c5e0184112f39de1a042171fd3de2699da9a856c2982cf59
SSDEEP

1536:vZskKD/x/5CXpArIHXjSajlor/BC6UmX96xXabrNskzyX1:vZskK/xeAqeajlM/BmJ71

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4344a3c635f350c3a7e4f2ab713916f0_NEIKI
unpack001/out.upx

Files

4344a3c635f350c3a7e4f2ab713916f0_NEIKI
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ