4185d89d6bbb7164f1c8ae86dae3ef10_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4185d89d6bbb7164f1c8ae86dae3ef10_NeikiAnalytics
Size

117KB
MD5

4185d89d6bbb7164f1c8ae86dae3ef10
SHA1

906a1118ddf69d1cb59318535d9bc104356b143a
SHA256

e081131b8d705854e7ff30af92bccfc51f1648e26bfc8f37907bcd22ab3ef6c0
SHA512

071799554b879fd64b92f924374bd60e4679d6512fe1e696fdbaa24b9521ba257934383f0367a14652239cdba0ac00d4e3a34eab04415f18449fa2ba803cf3cf
SSDEEP

384:h6jZEQOpXwf4MZtacXr/BS7bGhb05ZBz4ThVM5YCrveZ1ojpyZoaOkLh79gR7gR7:g7467A2hir4TvMyCrKTCa7y7W4k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4185d89d6bbb7164f1c8ae86dae3ef10_NeikiAnalytics

Files

4185d89d6bbb7164f1c8ae86dae3ef10_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

705736f5a833630468844632311bb1ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
ExitThread
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProfileStringW
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathA
GetTempPathW
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadResource
LocalFileTimeToFileTime
LocalFree
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MulDiv
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueueUserAPC
ReadConsoleOutputCharacterA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleCursorPosition
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadAffinityMask
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnmapViewOfFile
VirtualLock
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile

pdh

PdhCloseLog

user32

GetMessageA
LoadIconA
RegisterClassA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

705736f5a833630468844632311bb1ad

Headers

File Characteristics

Imports

kernel32

pdh

user32

Sections

UPX0 Size: 24KB - Virtual size: 24KB

UPX1 Size: 12KB - Virtual size: 12KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 24KB - Virtual size: 24KB

UPX1
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 76KB - Virtual size: 76KB