4e0c5ea97d5eb9daa966fd22ed010c7557d388ef75c8933b8e507152109b302c_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e0c5ea97d5eb9daa966fd22ed010c7557d388ef75c8933b8e507152109b302c_NeikiAnalytics.exe
Size

4.4MB
MD5

31bba8b543436b0696973f9c47d49510
SHA1

36a8cff499b1efd947a562e9199aa6a1690aac17
SHA256

4e0c5ea97d5eb9daa966fd22ed010c7557d388ef75c8933b8e507152109b302c
SHA512

cc96ad269bc4cb15325cc3315b1022b9d3138c73ce33f08c52bdc8aa30141040cad4d1b3ac86b79cd30a818279cfc727fcbc035d3e616d7cac9648d930a66632
SSDEEP

98304:2P1Rd2sG5tv3UiNRXk+Xh658wLEHIcDR30e8u5lFcxU6z1kbtM:2Prd2swvkkdpXQ/IHIu30e1ixXkb+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e0c5ea97d5eb9daa966fd22ed010c7557d388ef75c8933b8e507152109b302c_NeikiAnalytics.exe

Files

4e0c5ea97d5eb9daa966fd22ed010c7557d388ef75c8933b8e507152109b302c_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 252KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 300KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ