bd7f77dad8851e78e5e897b6d29b6e80_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd7f77dad8851e78e5e897b6d29b6e80_NeikiAnalytics
Size

2.9MB
MD5

bd7f77dad8851e78e5e897b6d29b6e80
SHA1

dbe5b486c8300cbe3e503afc5dbc587da77ddab2
SHA256

37615dde4fa729aafe0a2ba3a599632cf6af0c7c0cbbe621eb1fd6ef75bc7fbf
SHA512

08a18c44f8bdd68468777bcb7c0a32b7f5922768c231f07d58b210a38aa84cdd65a35f6536cf6ed5bd40c415f92f3998bd4f38e19d411a2ba9d5987a485e6463
SSDEEP

49152:7s+InO+p+z1CweyDh/yJE86A9AvNbprmgaoH1BOK/e+u45WebPTdK:8nnpk1R3xyEAormgpH1BOt+uCWebP5K

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd7f77dad8851e78e5e897b6d29b6e80_NeikiAnalytics

Files

bd7f77dad8851e78e5e897b6d29b6e80_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 14KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ