4e8f36402b5ea6ac1d19298d607d6170_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

4e8f36402b5ea6ac1d19298d607d6170_NeikiAnalytics.exe
Size

126KB
MD5

4e8f36402b5ea6ac1d19298d607d6170
SHA1

1aa2f0a65cc35f4c9899b0e72cffa7a108c07aea
SHA256

cd7f1bb669417ea61954451c538913f210057688c40f78ab4431a48be58ff8fc
SHA512

4acb831f96757b3cb9cb00689c50195c54102bbc90c5613d09caffb6963c60fa5735ef4d19d8a1b71d0d973f26533da6a35fb4b15ddd534c3300ab06317e186b
SSDEEP

3072:q8ZCvutdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7Zsu9:qxvutdgI2MyzNORQtOfl1qNVo7R+S+N9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e8f36402b5ea6ac1d19298d607d6170_NeikiAnalytics.exe

Files

4e8f36402b5ea6ac1d19298d607d6170_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

3db2c1aad06d38a08f2119d789a12991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
CreateFileA
GetLastError
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
lstrcmpA
lstrlenA
GetTickCount
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

user32

SendMessageA
ShowWindow
MessageBoxA
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
DestroyWindow
LoadIconA
UpdateWindow
LoadCursorA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE