neconyd | 4b091731c246941c49e621c127780930_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b091731c246941c49e621c127780930_NeikiAnalytics
Size

52KB
MD5

4b091731c246941c49e621c127780930
SHA1

217d15342c842197734e028efae684adb3e22ca0
SHA256

49ff26a1baa57e7d23a172f276c3740577e6cb47c802b1421b0982ff46743b6a
SHA512

5a794943bf86dbc89d1a8569a8406faa40e5d3403f5f5210d802269e64faafafe5a87cf3346f51e0aacd475ca76509248682d2e8a134f8b75f849ef7f9961eb9
SSDEEP

768:3XHPb+71O4G+lpqg6d6uGH3MZVDruM1BH5FiKTsg:nPS7JLpqZd6u5ruM1Ribg

Score

10^/10

upx neconyd

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd family
neconyd

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4b091731c246941c49e621c127780930_NeikiAnalytics
unpack001/out.upx

Files

4b091731c246941c49e621c127780930_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE