9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics | Triage

Sharing

General

Target

9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics
Size

72KB
MD5

9f367f475bd6bed5bc886e6d578d5130
SHA1

3dd5c8c54019b93368f19cce69d04a3e51910a01
SHA256

fe97fe4468d5eefa6f5b3df6a6ec4d9d3949b1929a4855801b071f8e3f0519ee
SHA512

1faccc1d663e1eadb8427099cbaeafd7fde29c9f730aa635a336a229f97446aaa4a9330a947786b16cf8f3f482b065c0052600b353b5ef7315a44b5fcd77a899
SSDEEP

1536:DOa2kZ+qcAGVRIcUjmTeyovQe1RLP0sLJtoz9ZDu7GOXTm:DOYZTBORVUjtvR1L96BSXK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics
unpack001/out.upx

Files

9f367f475bd6bed5bc886e6d578d5130_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ