a7f42b4bd0db333b5132bd846cb57f70_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7f42b4bd0db333b5132bd846cb57f70_NeikiAnalytics
Size

4.4MB
MD5

a7f42b4bd0db333b5132bd846cb57f70
SHA1

c03622f7783dd5d0a5f79aa4a8b57380db5c2d09
SHA256

9968d44ade4ad846a2b107d9ead1e2250cc22f31b6caa126755e895ce282286b
SHA512

26f39bd7ec05060f3e18e5af2b32867a2da8343f36bb2362b55bd3a84121607783f9a73bdd9169dcd33ffc9273cb13a438a38af4fb853855bcb6275a57c925b5
SSDEEP

98304:7esPaQJGLxTA7RNyHjPBRPLOKz8Lx1Opk37V2f0sxbZ3hOOK05:7NGlAuTBRTO8OD3wfJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7f42b4bd0db333b5132bd846cb57f70_NeikiAnalytics

Files

a7f42b4bd0db333b5132bd846cb57f70_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ