a48c83e71f4f06ae8c67d69281ff856dc108840aaca6481e92edec4aecf28268_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a48c83e71f4f06ae8c67d69281ff856dc108840aaca6481e92edec4aecf28268_NeikiAnalytics.exe
Size

4.1MB
MD5

ac9276c01782d2579bec0133b2ed0aa0
SHA1

02714ee2e7ac9b5fed938a209dbe084d35070d6a
SHA256

a48c83e71f4f06ae8c67d69281ff856dc108840aaca6481e92edec4aecf28268
SHA512

dce6fe4e65224d03fd4ac39b3b3e25cb78cd1c405c7ff3d5ad108b2bb73bd796084499c27e80999b35ccfcf720802105bdbde75912dfecc0dfe2d96da450fd6f
SSDEEP

98304:qKPAcaeLupA1/EKGvGzgtYNGuURPthIJO9:q8Acakup4//B6SD8LIJQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a48c83e71f4f06ae8c67d69281ff856dc108840aaca6481e92edec4aecf28268_NeikiAnalytics.exe

Files

a48c83e71f4f06ae8c67d69281ff856dc108840aaca6481e92edec4aecf28268_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 327KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 62KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ