General
-
Target
cfa428d5cd203b4a21a0b1d8c54363c0_NeikiAnalytics.exe
-
Size
50KB
-
MD5
cfa428d5cd203b4a21a0b1d8c54363c0
-
SHA1
7f6f8c1a103c91d06594e0e89d8e99036c1c562d
-
SHA256
e39b3a07363fedf31e1187233bd0744014a91675a49e23745c20398f2abb8a73
-
SHA512
73dbd4d6e3fbc01399a362f2845f6f92ee577b58ac429d01420705810c4aeed4cead1d6b5ea1afce7ef60a2949ee1a36dfebbf2a6435e87f5c078057b1b0d364
-
SSDEEP
1536:e0NSu11iIOVlXclzhmx/LU89fpY4lMc5V3:rScgIO3XclzIxI8/Y4lMY3
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cfa428d5cd203b4a21a0b1d8c54363c0_NeikiAnalytics.exe
Files
-
cfa428d5cd203b4a21a0b1d8c54363c0_NeikiAnalytics.exe.sys windows:6 windows x86 arch:x86
2f37ab3524c60217cc6c3f5d66c19ee7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ