9cf48f13e31d78cb7244b10cf3393bf0_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9cf48f13e31d78cb7244b10cf3393bf0_NeikiAnalytics.exe
Size

91KB
MD5

9cf48f13e31d78cb7244b10cf3393bf0
SHA1

b45c436cf5c72066f4a4bbdd8b4ec0aae929a886
SHA256

afc7ad2d0190807fdb6a0fbe85de83e4c903c2cd5d525f184e31ee7f24bb76bc
SHA512

944a5c74f830999fcb6fe85ffbac512022e0f791baf627f7e8f4cb0b411fb57940b7b48d78101e6cd56d7755defacd672802b0f4c93d73f946892c5d7e6c15c6
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUswv61XxvEci9vQG9xmX/D562aqQCRg9LKgQO:KQSohsUsW9+a

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9cf48f13e31d78cb7244b10cf3393bf0_NeikiAnalytics.exe
unpack001/out.upx

Files

9cf48f13e31d78cb7244b10cf3393bf0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ