b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
Size

1.4MB
MD5

a5581c781fc72268be78aa549ed953b0
SHA1

8f86d418454620e3f023e20350ed858c969b183f
SHA256

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0
SHA512

0ddc6482f799ac18a028a5e562a5857f49f4e03c42360c94d547c1aa481fe2a9413f2afc333fe55ed3457c84516e1a02d2b9a28e1a9fa95c310e45af80c11693
SSDEEP

24576:QiKRwIaFO0p/91x0n2iJC3o5rsGUg7QG7d8xPcDE4cQ2dKnMD/40icCWd:fKGFz9TCC3o5AGT7I0XedKMrI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

resource	yara_rule
sample	vmprotect

resource
b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe

Files

b045fdf8a5da368dd73d89b1fc2c27cee8888feb307ea8e9235e30f7f62c28a0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

fd543c15f77bea43b614edad497cc461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

inet_ntoa

kernel32

GetVersionExA
GetVersion
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ValidateRect

gdi32

GetSystemPaletteEntries

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

DragAcceptFiles

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_DragShowNolock

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd543c15f77bea43b614edad497cc461

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 492KB

.rdata Size: - Virtual size: 72KB

.data Size: - Virtual size: 187KB

.vmp0 Size: - Virtual size: 828KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 284KB - Virtual size: 280KB

.text
Size: - Virtual size: 492KB

.rdata
Size: - Virtual size: 72KB

.data
Size: - Virtual size: 187KB

.vmp0
Size: - Virtual size: 828KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 284KB - Virtual size: 280KB