36db6411901b032d1c0ee031919e2eb7b5ceede4a30da9a4d97f5ec5720042e1_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

36db6411901b032d1c0ee031919e2eb7b5ceede4a30da9a4d97f5ec5720042e1_NeikiAnalytics.exe
Size

7.8MB
MD5

e2f80e8f3e86ff78d09e067e17ee3490
SHA1

63d763a8d77cd0289bb57ae33088bf47537cab85
SHA256

36db6411901b032d1c0ee031919e2eb7b5ceede4a30da9a4d97f5ec5720042e1
SHA512

64688b4ec1918aa43a24b88631aacdb956208f246804a3b1eb97f6b746d5b27d99c05813d0d695d73badbdf0c6f5dc4ea731ec840ebf74a9f0cdc8e0cde3eeb9
SSDEEP

196608:j9jwtAaVkD+HNgkF6DGBIBmJx9KSGONOA:Bj/WNv6DGBx9KSj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36db6411901b032d1c0ee031919e2eb7b5ceede4a30da9a4d97f5ec5720042e1_NeikiAnalytics.exe

Files

36db6411901b032d1c0ee031919e2eb7b5ceede4a30da9a4d97f5ec5720042e1_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 384KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 18.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ