4123e22dae21c7f3764b69809b991be0_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

4123e22dae21c7f3764b69809b991be0_NEIKI
Size

460KB
MD5

4123e22dae21c7f3764b69809b991be0
SHA1

41c893fc48c4e17fe8f423681d5ba2a702e792ee
SHA256

1780baceb3a7316ce11e18c73634fdcab41810a9e59217498e5d7a6d5883bac5
SHA512

5868444db4d2a9ed7cf77455313b0013502db72224b13ee76ac8bd945cecfb9121d1e13692b74d893b66375a4ae72372aea2ad88d92a3338a5675a28bf194d2b
SSDEEP

6144:eC6yVJmp+5DCKyf9TU7sYw6CMQqT+1WqASC8GPBubB38u77by+w8w+ITHttFr29j:p6wwRHf99r6F61W5SC8GPIbyvpttFY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4123e22dae21c7f3764b69809b991be0_NEIKI

Files

4123e22dae21c7f3764b69809b991be0_NEIKI
.exe windows:4 windows x86 arch:x86

592d389e930172017e0b3c29ae9cbf20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

InvalidateRect
MessageBoxA

gdi32

SetWindowExtEx

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA

advapi32

LookupPrivilegeValueA

shell32

Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries

olepro32

ord253

oleaut32

VariantClear

wininet

InternetGetLastResponseInfoA

netapi32

Netbios

winmm

sndPlaySoundA

Sections

.text
Size: - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

592d389e930172017e0b3c29ae9cbf20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

netapi32

winmm

Sections

.text Size: - Virtual size: 371KB

.rdata Size: - Virtual size: 54KB

.data Size: - Virtual size: 95KB

.rsrc Size: 12KB - Virtual size: 26KB

.vmp0 Size: - Virtual size: 216KB

.vmp1 Size: 440KB - Virtual size: 438KB

.reloc Size: 4KB - Virtual size: 256B

.text
Size: - Virtual size: 371KB

.rdata
Size: - Virtual size: 54KB

.data
Size: - Virtual size: 95KB

.rsrc
Size: 12KB - Virtual size: 26KB

.vmp0
Size: - Virtual size: 216KB

.vmp1
Size: 440KB - Virtual size: 438KB

.reloc
Size: 4KB - Virtual size: 256B