c0a23dca71486f67cb69a26d25f57050_NeikiAnalytics

General

Target

c0a23dca71486f67cb69a26d25f57050_NeikiAnalytics
Size

176KB
MD5

c0a23dca71486f67cb69a26d25f57050
SHA1

3fc287292fa71361c8e3b502f10c01841fdaed16
SHA256

4edc86029e99087cf38e516c2b42389dfccdb80e5e885876ec27cfb9b9f1c467
SHA512

8cb30d87be9e26b6b41ed990af3e2f2f1d9c401b8315ecb6028a1f4a428228061e2d0c5d2303efb9a561a33e1d569850f20734d11fc17091c381e0c878750781
SSDEEP

1536:Iibq0RPDuVNJBC/a/yf5UFK128It8RVoaq:IidEVfBCSKeT8I6RVoaq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0a23dca71486f67cb69a26d25f57050_NeikiAnalytics

Files

c0a23dca71486f67cb69a26d25f57050_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

6aeea7d2060e9f7c72b68b0cf82468fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetOEMCP
GetACP
lstrcpyA
CloseHandle
TerminateProcess
OpenProcess
ReadFile
GetStringTypeA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
GetCurrentProcessId
Process32Next
LCMapStringW
GetWindowsDirectoryA
LeaveCriticalSection
EnterCriticalSection
CopyFileA
lstrcatA
GetSystemDirectoryA
GetDriveTypeA
SetThreadPriority
CreateThread
GetModuleFileNameA
InitializeCriticalSection
GetCurrentProcess
CreateMutexA
OpenMutexA
GetSystemTime
DeleteFileA
CreateFileA
SetEndOfFile
LCMapStringA
FindClose
FindNextFileA
GetCPInfo
FindFirstFileA
SetFilePointer
FreeEnvironmentStringsW
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
GetLastError
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetFileType
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA

user32

EnumWindows
GetWindowTextA
SetCursorPos
GetCursorPos
GetWindowThreadProcessId

ws2_32

htons
gethostbyname
socket
WSAStartup
connect
closesocket
recv
send

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aeea7d2060e9f7c72b68b0cf82468fa

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

ws2_32

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX1 Size: 24KB - Virtual size: 24KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX1
Size: 24KB - Virtual size: 24KB

UPX2
Size: 72KB - Virtual size: 72KB