urelas | f782f5e658174a7306f37f5fbcb7ea50_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f782f5e658174a7306f37f5fbcb7ea50_NeikiAnalytics
Size

553KB
MD5

f782f5e658174a7306f37f5fbcb7ea50
SHA1

34677a74464e75f93adfa96e46d191106ba69093
SHA256

ff2e7bb08528fa7d744231b2a2865ec02a73a4606a710be931670a60e11e284c
SHA512

5e579b8b4bea053ecfe307956f75d06f10ddb5f86bd4a93ac60d61da428b468cc32a0463cff4b59cce20c515e5be000a71a8d18985aa1e6bb8e57ccb779fe4b0
SSDEEP

6144:XqXAoQT5Tr9R0HN/3w36EnCYLTczqMgknE/QhyjxJBErrZAWkPW5oeNtLjhtAWCy:6QRI/3w36EnCYcBE/iydJai/WZtT

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f782f5e658174a7306f37f5fbcb7ea50_NeikiAnalytics

Files

f782f5e658174a7306f37f5fbcb7ea50_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 186KB - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 325KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE