42bc10904593ce7176e771267bc78320_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42bc10904593ce7176e771267bc78320_NeikiAnalytics.exe
Size

4.4MB
MD5

42bc10904593ce7176e771267bc78320
SHA1

f77a21c3300b8f0d8cdb9a4b00926d3ff3db4601
SHA256

3958b5254806b85f0fac2285b495880cebbdebc88963dd1608f49423ac6f455f
SHA512

d9e6c475bcc5684a277956c41fed4247aa7773332d1d67c138902a95e388470c522e776425fd211f1c19cd2c1becb32b8fdc7898d2d1bef2627ebe71e18baa07
SSDEEP

98304:Rlb/aOKBKSQZqwvRihQZZmIG0oUkNp9LhUGSkXK+Gm0rkK4C+RqW:7iBQZqwvRihwoKoUI1CwXGmcktC+Rq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42bc10904593ce7176e771267bc78320_NeikiAnalytics.exe

Files

42bc10904593ce7176e771267bc78320_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 424KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ