1b425dd69173a837d5239ad12866d47b01e2c0a0b2263f2e55d269ee6d2d0cf1_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b425dd69173a837d5239ad12866d47b01e2c0a0b2263f2e55d269ee6d2d0cf1_NeikiAnalytics
Size

185KB
MD5

6c2adbebdfd9f394da88e6c7a9711400
SHA1

c6e89eb8afe91f3a7d51dd8ddc3d8e98aa867123
SHA256

1b425dd69173a837d5239ad12866d47b01e2c0a0b2263f2e55d269ee6d2d0cf1
SHA512

753d0a56acb5788a2f32a771290af6e7cc9f75039d91567ac0d70b2d8f9ac2df6030066aa594dd2d4bea8fc1b420855f70803adda6f26c57128423f5a89e0561
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhfqng6W2QZwKS7D:hfAIuZAIuDMVtM/x2ZKS7D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1b425dd69173a837d5239ad12866d47b01e2c0a0b2263f2e55d269ee6d2d0cf1_NeikiAnalytics
unpack001/out.upx

Files

1b425dd69173a837d5239ad12866d47b01e2c0a0b2263f2e55d269ee6d2d0cf1_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ