ddf0ba6df56395720dbf32728e2d3370_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddf0ba6df56395720dbf32728e2d3370_NEIKI
Size

1.0MB
MD5

ddf0ba6df56395720dbf32728e2d3370
SHA1

eabe06aa05a95c06a51d79f0d9d343d8f4025d98
SHA256

64e4800fd2e9c7207b462f68a2a6e7c3e3906800738f303b0efb565fc59104d7
SHA512

415b880a043056982578f26ff8474cca6651853b88ea663a6c17a3a182e78ac8978e0ac02db4a71d3b9d61a01692421c767d9785dd471304b7305e2cf1071ccc
SSDEEP

24576:JBGMzTeQ8/CXX9j8fR3ck9OAF3xfsveE91Lm+BMFu8S:PlzTc/CXXd8d9OAFBYeE9lL0uD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddf0ba6df56395720dbf32728e2d3370_NEIKI

Files

ddf0ba6df56395720dbf32728e2d3370_NEIKI
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.btnj
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE