14b02ede8f9f140ad9f9cf51f61fa550_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

14b02ede8f9f140ad9f9cf51f61fa550_NeikiAnalytics
Size

1.5MB
MD5

14b02ede8f9f140ad9f9cf51f61fa550
SHA1

3770a01724e44728260b32c522a8a1a2176179d0
SHA256

9f6fbe785f9b47800086a71afd2a81df16242ca32d809385d008521c946cdaa5
SHA512

5c81f8619bd48cb11de2641eb50b3b632f5e5a8212daf7d26ec18cffb362a545dd51c0bb638e86611f86107303c6f312448012da0bc92c7e9b3a7b31cb19b15d
SSDEEP

24576:KYJLFXAnVq1qRRskJ39Esg+yqw/i328ab4F+rM/aXq6bJfBUam6:5RFgCBatqqw/i3da1YS6ozB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14b02ede8f9f140ad9f9cf51f61fa550_NeikiAnalytics

Files

14b02ede8f9f140ad9f9cf51f61fa550_NeikiAnalytics
.exe windows:10 windows x86 arch:x86

b5a2763b8fb2c6e0f0443f5e9c8f872f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

midlc.pdb

Imports

kernel32

CompareStringA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
Sleep
GetTempPathA
GetLastError
lstrcmpiA
GetTempFileNameA
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetLocaleInfoA
DelayLoadFailureHook
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WideCharToMultiByte
IsBadStringPtrA
LoadLibraryA
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlUnwind
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary

msvcrt

ungetc
_dup
feof
strstr
getenv
_dup2
toupper
realloc
isalpha
strncpy
isxdigit
strncmp
fgetpos
atoi
isspace
fsetpos
isdigit
malloc
atof
tolower
strtoul
putc
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
_errno
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
??1type_info@@UAE@XZ
_ismbblead
memcpy
memset
memmove
?terminate@@YAXXZ
_controlfp
_lock
_unlock
__dllonexit
_onexit
__RTDynamicCast
isleadbyte
free
_iob
_snprintf
_itoa
wctomb
__badioinfo
__pioinfo
_isatty
_write
_lseeki64
_fileno
_fullpath
_access
_unlink
getc
_splitpath
_fsopen
fseek
_spawnlp
_fmode
fclose
fopen
strtok
ftell
strchr
iscntrl
putchar
_open
__iob_func
_waccess
_ltoa
fgets
fputs
_sopen
rewind
__RTtypeid
??9type_info@@QBEHABV0@@Z
??8type_info@@QBEHABV0@@Z
?name@type_info@@QBEPBDXZ
vfprintf
_setmode
fwrite
_close
fprintf
_fstat
_read
_strerror
fflush
_stricmp
exit
printf
_purecall
_vsnprintf
isprint
setvbuf
__set_app_type
memcmp

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 636KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5a2763b8fb2c6e0f0443f5e9c8f872f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

Sections

.text Size: 824KB - Virtual size: 824KB

.data Size: 20KB - Virtual size: 29KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 636KB - Virtual size: 640KB

.text
Size: 824KB - Virtual size: 824KB

.data
Size: 20KB - Virtual size: 29KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 636KB - Virtual size: 640KB