2422cf06e59300529bd3ee29cf1ee9a0_NeikiAnalytics | Triage

Sharing

General

Target

2422cf06e59300529bd3ee29cf1ee9a0_NeikiAnalytics
Size

183KB
MD5

2422cf06e59300529bd3ee29cf1ee9a0
SHA1

8891b8d7ddfa486c12f5f4f985988aacca3b0ac4
SHA256

c4d892adfe27463cfc9c55d9120d04214981049c7dcd87700d7b387e6dcb28f1
SHA512

c8384e26347d07cf7e5b0baf78223ac6a4dd6e3113a493d6b2eea9df4a3b274f794b04bd4268a1dd59d23f5f1d7b310e5e15f219022d4d1e2713cab74de649c6
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhf69iMGfUSaOy9SnJUwFU+FUhFUeFUXFUqyqKRrpF6PwI:hfAIuZAIuDMVtM/E9iMGsSaOyij

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2422cf06e59300529bd3ee29cf1ee9a0_NeikiAnalytics
unpack001/out.upx

Files

2422cf06e59300529bd3ee29cf1ee9a0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ