Behavioral task: behavioral1
Sample: 516dbf02e952c1ccf4ecab95d043aa40_NeikiAnalytics.exe
Resource: win7-20240508-en
General
Target: 516dbf02e952c1ccf4ecab95d043aa40_NeikiAnalytics.exe
Size: 2.3MB
MD5: 516dbf02e952c1ccf4ecab95d043aa40
SHA1: 9c9feabdbe3416681d006b2e0118d1774a657e66
SHA256: 176842e30e800fa55327e62cf00713c24967061772f68cd0bcb6c07ca713b2ed
SHA512: 591e490cf752cf36ef8842491ef17d42ab462acd99e835e130d836bc2b570e46d66cff73c784d5383ff219869d31c1e9b0e8faf816c95200730df7b1f46b1dd4
SSDEEP: 49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6St1lOqIucI1WAO:BemTLkNdfE0pZrwv
Malware Config
Signatures
-
KPOT Core Executable 1 IoCs
resource yara_rule sample family_kpot -
Kpot family
-
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 516dbf02e952c1ccf4ecab95d043aa40_NeikiAnalytics.exe
Files
-
516dbf02e952c1ccf4ecab95d043aa40_NeikiAnalytics.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 724KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE