a0b9ddc89ac681797b89cfffcc1f45a4a2a763d39313a5577585428b7a75c81e_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0b9ddc89ac681797b89cfffcc1f45a4a2a763d39313a5577585428b7a75c81e_NeikiAnalytics.exe
Size

131KB
MD5

473d5c5f2c0f1336dc41d2b42827f820
SHA1

a1f59e23f8cf65913cc3bbdd55bd53f67979688c
SHA256

a0b9ddc89ac681797b89cfffcc1f45a4a2a763d39313a5577585428b7a75c81e
SHA512

8246b950a22b94042baa580ab21d571f1294bf9d1eb3f77ea09299dc17055f0eabb3e98710ecdcad62b5d3ea33f9a93d35bf9d3adaae057bd69dc3bec5d2e001
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q88LqtK0FPUFAqxuP6mM4PgdgdgdFPNr0OWCAD7KK:KQSoCVUFAdP6pP1v2eSX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a0b9ddc89ac681797b89cfffcc1f45a4a2a763d39313a5577585428b7a75c81e_NeikiAnalytics.exe
unpack001/out.upx

Files

a0b9ddc89ac681797b89cfffcc1f45a4a2a763d39313a5577585428b7a75c81e_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ