1e1bea6346d8c1bd2f30219558426310_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e1bea6346d8c1bd2f30219558426310_NeikiAnalytics.exe
Size

6.9MB
MD5

1e1bea6346d8c1bd2f30219558426310
SHA1

74554ec959533affce2d62cf03cd02f6a95ff2fb
SHA256

98a4b1517381b48d16499c1e456996ea4c27dd714311fd7f928b3d14b29eed67
SHA512

21e86fb0b5c1aa3e0076cda06e905580febfe35f8ec8f7e7ba51fb86425efac1770c634df4f9a8ae5e901a28a36d2fd3eca8b906c6a5abaaec8bfac4affa2160
SSDEEP

196608:V2FWCjILyoxYPrR0AN/YdMQGvbMWpaxBTfRdVExpFqx:4RImoCjR/gTSHaxBTnV6Sx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e1bea6346d8c1bd2f30219558426310_NeikiAnalytics.exe

Files

1e1bea6346d8c1bd2f30219558426310_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 636KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 191KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 41KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ