ad4c0df7a8e4673b0d608d5af450f694bd657e1b6aeba95ac716e497f4445686_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

ad4c0df7a8e4673b0d608d5af450f694bd657e1b6aeba95ac716e497f4445686_NeikiAnalytics.exe
Size

50KB
MD5

f7e85707a655ef8422fd7767b25b8680
SHA1

a83f3790164840f2aab7a0caf8e8dd3c1b1c4214
SHA256

ad4c0df7a8e4673b0d608d5af450f694bd657e1b6aeba95ac716e497f4445686
SHA512

da7fa2374682b5b2e9c8f7dc80822be2b87f8018472bc10b16df07c71f6c03d0168a025794135bba2b0e9c3ec39afd243f35b6a3e2be769a35e562dd57f6c610
SSDEEP

1536:vz0NSu11iIOVlXclzhmx/LU89fpY4lMc5V3:2ScgIO3XclzIxI8/Y4lMY3

Score

7^/10

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ad4c0df7a8e4673b0d608d5af450f694bd657e1b6aeba95ac716e497f4445686_NeikiAnalytics.exe

Files

ad4c0df7a8e4673b0d608d5af450f694bd657e1b6aeba95ac716e497f4445686_NeikiAnalytics.exe
.sys windows:6 windows x86 arch:x86

2f37ab3524c60217cc6c3f5d66c19ee7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ