13dd6acb35536918ba8d6ac81c08191f336fa519a9b9e9a557d3a8f5312c6c27_NeikiAnalytics[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

13dd6acb35536918ba8d6ac81c08191f336fa519a9b9e9a557d3a8f5312c6c27_NeikiAnalytics.cab
Size

2.8MB
MD5

f57ede9711586c3f299e5207fefa0290
SHA1

28e186e50fa3b12fdb8b8d5ae33801c9a39ad958
SHA256

13dd6acb35536918ba8d6ac81c08191f336fa519a9b9e9a557d3a8f5312c6c27
SHA512

11d4fe8e9dce526394a7b08bdabf6eb07f7df263b7e59c50f3707baf40a36c8a9271cc855f518fb681d908bcc0c20f9c1376d88bc6dfb6673f2d81d6848743b2
SSDEEP

49152:pN+RN9jgtr+cN11cjNM373Z9+0O4CbKYrm77L/0H77bZfhiChQbGLV8WZnLIe9Wq:b+JjgUcP1cj67K0OdbPc7LW7bZFhPB8e

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Bin/conf_uis/Shablons.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Bin/conf_uis/Shablons.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/LogBook.dll
unpack001/Bin/Tools_UIS.dll
unpack001/Bin/conf_uis/Conf_uis.dll
unpack001/Bin/conf_uis/Shablons.dll
unpack002/out.upx
unpack001/Bin/kav.dll

Files

13dd6acb35536918ba8d6ac81c08191f336fa519a9b9e9a557d3a8f5312c6c27_NeikiAnalytics.cab
.cab
Bin/LogBook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Dll_Execute

Sections

CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/Tools_UIS.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Dll_Execute

Sections

CODE
Size: 910KB - Virtual size: 909KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/conf_uis/Conf_uis.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Dll_Execute

Sections

CODE
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/conf_uis/Shablons.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Proc1357
Proc1359
Proc45743

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/conf_uis/category.ini
Bin/conf_uis/conf_uis.ini
Bin/conf_uis/conf_uis.pfd
Bin/conf_uis/regions.ini
Bin/conf_uis/uchr.ini
Bin/kav.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Dll_Execute

Sections

CODE
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Info.cfg
.xml
��.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.0MB - Virtual size: 1.0MB

DATA Size: 11KB - Virtual size: 10KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 74B

.reloc Size: 67KB - Virtual size: 66KB

.rsrc Size: 835KB - Virtual size: 835KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 910KB - Virtual size: 909KB

DATA Size: 10KB - Virtual size: 10KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 76B

.reloc Size: 58KB - Virtual size: 58KB

.rsrc Size: 666KB - Virtual size: 666KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 727KB - Virtual size: 726KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 75B

.reloc Size: 49KB - Virtual size: 48KB

.rsrc Size: 279KB - Virtual size: 279KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 28KB - Virtual size: 27KB

DATA Size: 1024B - Virtual size: 1016B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 111B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 787KB - Virtual size: 787KB

DATA Size: 8KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 70B

.reloc Size: 56KB - Virtual size: 56KB

.rsrc Size: 49KB - Virtual size: 49KB

CODE
Size: 1.0MB - Virtual size: 1.0MB

DATA
Size: 11KB - Virtual size: 10KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 74B

.reloc
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 835KB - Virtual size: 835KB

CODE
Size: 910KB - Virtual size: 909KB

DATA
Size: 10KB - Virtual size: 10KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 76B

.reloc
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 666KB - Virtual size: 666KB

CODE
Size: 727KB - Virtual size: 726KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 75B

.reloc
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 279KB - Virtual size: 279KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 27KB

DATA
Size: 1024B - Virtual size: 1016B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 111B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 787KB - Virtual size: 787KB

DATA
Size: 8KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 70B

.reloc
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 49KB - Virtual size: 49KB