dd47fd27e547528172ac737e30babf70_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd47fd27e547528172ac737e30babf70_NeikiAnalytics
Size

612KB
MD5

dd47fd27e547528172ac737e30babf70
SHA1

16b8e922e75b6e7f619ac44e8291f9c3a8edb5ff
SHA256

1875a074a345927a94314a6905e27a4d54b6d09442dd7038cd8b2b443cbb79e0
SHA512

4be1d6b882b7c1a9859e53136fef6252d55357d3cfb18b56dbce9c0d335192270dd5e0fe37e6093c6f5dbcab64fc0474eac10b959602fcadf47232ac76d168cf
SSDEEP

12288:hBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:mMzEgNPFpoz/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd47fd27e547528172ac737e30babf70_NeikiAnalytics

Files

dd47fd27e547528172ac737e30babf70_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE