c75fab7f9b246a747fece7f000029790_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c75fab7f9b246a747fece7f000029790_NeikiAnalytics.exe
Size

99KB
MD5

c75fab7f9b246a747fece7f000029790
SHA1

23c0d6acf415fb936c4bfa5634397b02a5b7aec7
SHA256

630dc3f8fbb771c6390705e3664ff916d50919f1ce6293fe8c715c953bc96d43
SHA512

792f5d825a598a3b553d67b576b23e2e6327bf3b566ee74fd0ba3318cdf5075f5c5ba9556e12b738068e05bd85e65587ac6b4888a594f3e3713b2f26db9fec08
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8Qe+eHT75T7pTWn1++PJHJXA/OsIZfzc3/Q8Qe+Y:KQSoDe+eXQSoDe+e1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c75fab7f9b246a747fece7f000029790_NeikiAnalytics.exe
unpack001/out.upx

Files

c75fab7f9b246a747fece7f000029790_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ