1e2c6171b3b74faf40bd892669d47bd0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e2c6171b3b74faf40bd892669d47bd0_NEIKI
Size

3.8MB
MD5

1e2c6171b3b74faf40bd892669d47bd0
SHA1

f03f8607bd9115311927e71702d98f469ee62b37
SHA256

d05ab446e2e1fd65b857278075b07bf0032340cf873c082c689ffa5726e75699
SHA512

907e81d423a6fadef3ecc8df5f03888162412fceeed787c39e4411fb484c0122af02d71d5639148796f8b2d315fa19144f06df4a153750183c39f602e719dd67
SSDEEP

98304:qPCjcw5bewoPJ2haL7AbEUGsCLJRPJ2rhry:s2cw5nzoL7AbtGsYrO5y

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e2c6171b3b74faf40bd892669d47bd0_NEIKI

Files

1e2c6171b3b74faf40bd892669d47bd0_NEIKI
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 41KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ