70f31682e545a365a1b518732620e0f97f9be79d2a45c65b2ed3488c299c2b9b_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70f31682e545a365a1b518732620e0f97f9be79d2a45c65b2ed3488c299c2b9b_NeikiAnalytics.exe
Size

84KB
MD5

3ab4adf59cc9fafdd78b3e331df41bf0
SHA1

e8fffe6f35a692c1c6ac1449c0fe7c79dee3ab1e
SHA256

70f31682e545a365a1b518732620e0f97f9be79d2a45c65b2ed3488c299c2b9b
SHA512

81bb837900dc4c63998f5ff3e9b9153a6315e6b577c717326dc12fb09afc508f081da64382184c247bc2dd4805d92d6eb350323819faa46ab7211cf4eb0d26d7
SSDEEP

1536:SVg+tYYoQpoe1a255FNsPrhCl2TyVKi+pFjW3Oe7GnyphUnC:wJNxr1aE5FNs02TDtjW3Oe7G86C

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70f31682e545a365a1b518732620e0f97f9be79d2a45c65b2ed3488c299c2b9b_NeikiAnalytics.exe

Files

70f31682e545a365a1b518732620e0f97f9be79d2a45c65b2ed3488c299c2b9b_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

621035f939a89d24a029ff9852d1c1ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 284B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ