5002d401362894404cd4b0e10197c920_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

5002d401362894404cd4b0e10197c920_NeikiAnalytics
Size

1.3MB
MD5

5002d401362894404cd4b0e10197c920
SHA1

682e6a8c3ef319b80c40be4f2798bdc8ceac331c
SHA256

e91173ab0910c7d4bd9c7d6f07a6b2c00fd0b99e10fb2cf28e774be8d72a1215
SHA512

244022613651e87c8b91ad0e033734656a36f438dca2bc514f39774c34d9592fea14dc29b260c681335e8759ceb9bf15ccc86cd9304a5f6342332dddd280292a
SSDEEP

24576:3kuKnonEX7bHsMQ4/O6yMLprOInyT/Swl8Mi9:0uVEXvYMLprznyDSga9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5002d401362894404cd4b0e10197c920_NeikiAnalytics

Files

5002d401362894404cd4b0e10197c920_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

bc8221a0c44b76b0f235068c59bcc8b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\xdocs\x86\ship\0\regform.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

cabinet

ord11
ord23
ord14
ord13
ord20
ord22
ord10

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetTempPathA
CloseHandle
GetFileAttributesW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLastError
FindClose
FindFirstFileW
lstrlenW
RaiseException
GetUserDefaultLCID
GetFullPathNameW
DeleteFileW
GetTempFileNameW
GetTempPathW
FormatMessageW
WaitForSingleObject
CreateProcessW
SetUnhandledExceptionFilter
SizeofResource
LockResource
LoadResource
FindResourceW
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateDirectoryW
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LocalAlloc
LoadLibraryA
FormatMessageA
LocalFree
GetSystemDirectoryW
GetProcAddress
IsDebuggerPresent
WriteFile
LoadLibraryW

user32

CharLowerBuffW
CharUpperBuffW
CharNextW
UnregisterClassA
MessageBoxA

oleaut32

VarBstrCat
VarBstrCmp

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance

msvcr80

_lseek
memcpy
_wsopen_s
_wremove
malloc
free
wcsrchr
wcsstr
wcschr
memcpy_s
wcstol
towupper
towlower
wcsncmp
memset
_vsnwprintf
_recalloc
wprintf
wcsncpy_s
memmove_s
vswprintf_s
wcscpy_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_write
_read
_errno
_close

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc8221a0c44b76b0f235068c59bcc8b6

Headers

File Characteristics

PDB Paths

Imports

advapi32

version

cabinet

rpcrt4

kernel32

user32

oleaut32

ole32

msvcr80

Sections

.text Size: 62KB - Virtual size: 61KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 653KB - Virtual size: 653KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 653KB - Virtual size: 653KB

.reloc
Size: 568KB - Virtual size: 572KB