neconyd | af66f172902b164b9782d02f2db0dd3ee78b8db3a9430ec8497c8e90f9d956d4N

Sharing

Copy URL Twitter E-mail

General

Target

af66f172902b164b9782d02f2db0dd3ee78b8db3a9430ec8497c8e90f9d956d4N
Size

248KB
MD5

4cccbd9d405027c08558180a8a1e4420
SHA1

d82108c78faf6e09b6237edfc460ddf4fe7e847a
SHA256

af66f172902b164b9782d02f2db0dd3ee78b8db3a9430ec8497c8e90f9d956d4
SHA512

36ab1550cd39681c7be0be754f0cf25bd5996113c9c3662bb4067c5d141113febbae2d1145445352cc1be95f6d3bb3586d07ce4251653567b5ac2dedae424faa
SSDEEP

1536:j4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:jIdseIO+EZEyFjEOFqTiQmGnOHjzU

Score

10^/10

upx neconyd

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd family
neconyd

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af66f172902b164b9782d02f2db0dd3ee78b8db3a9430ec8497c8e90f9d956d4N

Files

af66f172902b164b9782d02f2db0dd3ee78b8db3a9430ec8497c8e90f9d956d4N
.exe windows:4 windows x86 arch:x86

b6ad8e85304192a027658f6e227d5e36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapReAlloc
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
HeapCreate
CopyFileW
CreateThread
WaitForMultipleObjects
GetTickCount
DeleteFileW
CreateProcessW
SetUnhandledExceptionFilter
ExitProcess
GetLastError
LoadLibraryW
GetProcAddress
Sleep
VirtualProtect
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
FindFirstFileW
SetFilePointer
SetEndOfFile
GetVersionExW
HeapAlloc
SetWaitableTimer
SystemTimeToFileTime
CreateWaitableTimerW
FindNextFileW
HeapFree
ReadFile
GetModuleFileNameW
GetFileTime
WaitForSingleObject
GetTimeZoneInformation
CreateFileW
CloseHandle
GetFileSizeEx
VirtualFree
GetProcessHeap
GetCurrentDirectoryW
VirtualAlloc
VirtualQuery
GetSystemTime
GetFileSize
FindClose
WriteFile
GetLocalTime
GetModuleHandleW
GetCommandLineW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
OleInitialize
CoInitialize

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

shell32

SHGetFolderPathW

shlwapi

StrStrIW
PathMatchSpecW
PathCombineW
wvnsprintfW
StrStrIA
PathRemoveFileSpecW

user32

GetWindowLongW
DispatchMessageW
GetForegroundWindow
CharLowerW
CreateWindowExW
FindWindowW
PeekMessageW
SetForegroundWindow
GetSystemMetrics
MessageBoxW
SetWindowPos
SetWindowLongW
SetParent

wininet

HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetSetPerSiteCookieDecisionW
InternetOpenUrlW
InternetAttemptConnect
InternetOpenW
InternetReadFile
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionW

Sections

UPX0
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

b6ad8e85304192a027658f6e227d5e36

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

shlwapi

user32

wininet

Sections

UPX0 Size: 136KB - Virtual size: 136KB

UPX1 Size: 36KB - Virtual size: 36KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 136KB - Virtual size: 136KB

UPX1
Size: 36KB - Virtual size: 36KB

UPX2
Size: 72KB - Virtual size: 72KB