Behavioral task: behavioral1
Sample: f84929dfaa692a68ce0e7b6490088be0_NEIKI.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f84929dfaa692a68ce0e7b6490088be0_NEIKI.exe
Resource: win10v2004-20240508-en
General
Target: f84929dfaa692a68ce0e7b6490088be0_NEIKI
Size: 340KB
MD5: f84929dfaa692a68ce0e7b6490088be0
SHA1: 2d58e67d5a29a10a15225528001fc18e24b8206a
SHA256: 3e0317abd5467a5d34f1caf53dc6b1593820686dbb727408a70aa24b45e95640
SHA512: 256f504eb76a27f82c82249d3b41d7b94b53f0a27157b8b84b2554a49c4907f0e180cd655614e1cd6035a5aceaea7899778bd05dfbdbfcb053e246fe13d1e212
SSDEEP: 6144:sVj/7nTQ2kzjVS7L1UHAp3LaNWzhkEUrll9jIRkyI1LVHpDTS6MgpEogpYYDhCNH:sB7nTczjo7L1Ug9gehkLBnjDrMGEogp6
Malware Config
Signatures
resource: sample, yara_rule: aspack_v212_v242
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: f84929dfaa692a68ce0e7b6490088be0_NEIKI
Files
f84929dfaa692a68ce0e7b6490088be0_NEIKI.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 289KB - Virtual size: 728KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aws Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE