04d5d577385076c38eec7974e4a4c8fd3c9c6d1f19ce18e75a0f4b71ec13208c_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04d5d577385076c38eec7974e4a4c8fd3c9c6d1f19ce18e75a0f4b71ec13208c_NeikiAnalytics.exe
Size

1.4MB
MD5

560baf5a0cd4ddf48dd97b23650ba7f0
SHA1

4cbecf12633fdf9e14f97ed8c3ee514001caaca8
SHA256

04d5d577385076c38eec7974e4a4c8fd3c9c6d1f19ce18e75a0f4b71ec13208c
SHA512

017e94f22d103f8d7479589c900d084ad2b8824df28a659670a26afffaf433fe7f80d2a176cde8a885dd1dd05fa34fbd17bdd1f2e6590418c4b5511d7392909c
SSDEEP

24576:wCJV8sPfPCKr9TSqjx9eb/p3wrbQ0OMVRCU4jvjghnC0OAJC:wCJyo3LrFPO/NsbQtVhjvjgBCfn

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d5d577385076c38eec7974e4a4c8fd3c9c6d1f19ce18e75a0f4b71ec13208c_NeikiAnalytics.exe

Files

04d5d577385076c38eec7974e4a4c8fd3c9c6d1f19ce18e75a0f4b71ec13208c_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??4CPEAS@@QAEAAV0@ABV0@@Z
GETMAC
LOGIN
ONLINE
POST
SETBid
SETUP
SETUPEx
_CryFileMD5@4
_Test@8
_add@8
_substr@4

Sections

.text
Size: 547KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 309KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 46KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE