neconyd | 04492187f72a9ed4bf04d866667654c0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04492187f72a9ed4bf04d866667654c0_NeikiAnalytics
Size

52KB
MD5

04492187f72a9ed4bf04d866667654c0
SHA1

f1f8905616f7058dce18afa2fd1b31c76670cdb6
SHA256

cb668f0e6e11632a7d041323a79643917c56e42d423f3c340da0774608b7676d
SHA512

74082fe4a18efc82a70e141bc61452571c849b4b897984d4fa8302e93efc2eb0ab2bc23bba581d1bc7cc5b9685a91b6b09ba34b5c3e9c8012059d51754088e57
SSDEEP

768:uXHPb+71O4G+lpqg6d6uGH3MZVDruM1BH5FiKTsg:qPS7JLpqZd6u5ruM1Ribg

Score

10^/10

upx neconyd

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd family
neconyd

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
04492187f72a9ed4bf04d866667654c0_NeikiAnalytics
unpack001/out.upx

Files

04492187f72a9ed4bf04d866667654c0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE