redline | 4b57079841211c3373e8bbce31ef2ddd9fd2bf416788e62fd3527aabf4d4fbf9_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4b57079841211c3373e8bbce31ef2ddd9fd2bf416788e62fd3527aabf4d4fbf9_NeikiAnalytics.exe
Size

4.7MB
MD5

ea47a71d237dee5c2ff5786bad9b5280
SHA1

f64c489b5bf9215419a917449b07f08d45610eb7
SHA256

4b57079841211c3373e8bbce31ef2ddd9fd2bf416788e62fd3527aabf4d4fbf9
SHA512

c270d8fb255b5c0aa2a6565ea20d775356d94bea0094debddfc8024e360ff95c849df488eb10e2741511199d1c000d615487b55ede3924e9aedcbb0b912c8b25
SSDEEP

98304:dy53AUhplQIpPWPyfTrVMBmcbyJNjL5etEkmwhGRis0Io:dDULlPWq/CBJGHSdmwhGRo

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

4b57079841211c3373e8bbce31ef2ddd9fd2bf416788e62fd3527aabf4d4fbf9_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17-02-2017 00:12

Not After

31-12-2039 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49
Signer

Actual PE Digest

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49

Digest Algorithm

sha256

PE Digest Matches

false

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49
Signer

Actual PE Digest

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49Signer

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 184KB

Size: 60KB - Virtual size: 144KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 49KB - Virtual size: 49KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 4.4MB - Virtual size: 4.4MB

.taggant Size: 8KB - Virtual size: 9KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49
Signer

86:44:07:ec:dc:82:70:0e:32:52:1e:4b:c8:65:2f:87:e7:1e:a4:5f:8a:7c:87:aa:94:dc:1a:97:7a:f4:e8:49
Signer

.text
Size: 180KB - Virtual size: 184KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 49KB - Virtual size: 49KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 4.4MB - Virtual size: 4.4MB

.taggant
Size: 8KB - Virtual size: 9KB