88adca49ff5e374d5df530560f17cd80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

88adca49ff5e374d5df530560f17cd80_NeikiAnalytics.exe
Size

9.1MB
MD5

88adca49ff5e374d5df530560f17cd80
SHA1

fef4b5597fe55e88d4748406912555716f57f269
SHA256

efa0842770eca8b14e8ac7e4e113ed598c696d59eeb763d43db3d43ed4886cbc
SHA512

ecf35b5a83f4a1835aff522cac7d2d13958439e9fb61e5d69fbe8aff940b46fa892724b5f0fdd903d47b6cbd71e690bf8f22f3f74a95a68ef84462f05213976d
SSDEEP

98304:Jdzd/fylGqgTQoaJDEy06iTgcXi3/SGOLWt9ApeiIP/q7pC+CeTBdqUYBuKLpd7t:p68PQoafHeTnqUMuKLvPYbHeAKh4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88adca49ff5e374d5df530560f17cd80_NeikiAnalytics.exe

Files

88adca49ff5e374d5df530560f17cd80_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

fc217fab9573d7f4d7483172db58e8ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

shell32

ShellExecuteW

user32

MessageBoxW

ucrtbase

wcstoul
_wtoi
calloc
_set_new_mode
free
_callnewh
malloc
setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales
__setusermatherr
_invalid_parameter_noinfo_noreturn
_Exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc
__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf
toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s
_gmtime64_s
_time64
wcsftime

Sections

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc217fab9573d7f4d7483172db58e8ce

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shell32

user32

ucrtbase

Sections

.text Size: 90KB - Virtual size: 92KB

Size: 35KB - Virtual size: 40KB

Size: 2KB - Virtual size: 8KB

Size: 5KB - Virtual size: 8KB

Size: 512B - Virtual size: 4KB

Size: 1024B - Virtual size: 4KB

Size: 243KB - Virtual size: 244KB

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 243KB - Virtual size: 244KB

.themida Size: 5.5MB - Virtual size: 5.5MB

.boot Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 3KB - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 92KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 243KB - Virtual size: 244KB

.themida
Size: 5.5MB - Virtual size: 5.5MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 3KB - Virtual size: 4KB