c090a5088d0f0d7f1456d7dd27a27b30_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c090a5088d0f0d7f1456d7dd27a27b30_NeikiAnalytics
Size

793KB
MD5

c090a5088d0f0d7f1456d7dd27a27b30
SHA1

8965feb3168041a7f1c9fb50dd0264554cc80ce5
SHA256

4a221081b59f9897ecb578c0f2e74b0dc62089b9a574191b148d47b5d24d1af1
SHA512

c8fe3b5b3778855d1b8e6bceede6d3e78ff7c6986cca3abc2c4ed76633843ae74ec2004cc826befc189ce20afb1f26695066771a794ac028896d1ff9f7d7ba7d
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhf5SskYkZMGZqceyYDIqCdIwHSwO5li:hfAIuZAIuDMVtM/XSMOPgc+1i

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c090a5088d0f0d7f1456d7dd27a27b30_NeikiAnalytics
unpack001/out.upx

Files

c090a5088d0f0d7f1456d7dd27a27b30_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ