4b8bbde431c81e4649b4e4c9ce3c1a30_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b8bbde431c81e4649b4e4c9ce3c1a30_NeikiAnalytics
Size

141KB
MD5

4b8bbde431c81e4649b4e4c9ce3c1a30
SHA1

e610f7d058cc9deb5fa60c0fa66bfb90fc5fec54
SHA256

4db9059b4bee52bfc6c5a6449d0dbe35f11b9c233241fe957030015f715d0dec
SHA512

8fecb1f82a9a86fbe9c6e462a8639c9df6da63251185c6079a0572c0baaea7d6f4d3192141b1548ba51c9c4f3ac0bacb1afe3f90dd3cb34528b520a7268836ac
SSDEEP

3072:8ulR7wp7bw6zIqFiZ/Y6D1mwfGSEpsXcCZ0a/ElakJ+OWY:HlRu9sqFUfIvSE+5Z0vlakwB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4b8bbde431c81e4649b4e4c9ce3c1a30_NeikiAnalytics
unpack001/out.upx

Files

4b8bbde431c81e4649b4e4c9ce3c1a30_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 696KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ