30e8e3cc688e484aa109c1df79289f80_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

30e8e3cc688e484aa109c1df79289f80_NeikiAnalytics
Size

268KB
MD5

30e8e3cc688e484aa109c1df79289f80
SHA1

4f77fd0b894ab4400e7c37ae6ef77d60b58feb0f
SHA256

575a35e7472c178f31cbedde76af53ebadc8d8477ce39580f7ef3daae4e22884
SHA512

3a1c707a2df002f67df4cf54786f28e6f3a63a09c7cd7478c7fa49f6efaad05ae959dd151919d67abb22262e8736618a650ff8511725fde294154c2dc40e348d
SSDEEP

6144:/o09Q5GMKmVXx7vkOkfwjGA1vu0lwmoYCl:/tSKUdRkfQFxwmoYC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30e8e3cc688e484aa109c1df79289f80_NeikiAnalytics

Files

30e8e3cc688e484aa109c1df79289f80_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

a1a6d773004d28051a91e9ef6aa6c219

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegEnumKeyExA

user32

GetSystemMetrics
wsprintfA

ws2_32

send
getsockname
connect
getpeername
WSAGetLastError
closesocket
gethostname
bind
WSAStartup
recv

kernel32

SetEndOfFile
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetVersionExA
CloseHandle
WaitForSingleObject
CreateFileA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
GetSystemDirectoryA
CreateMutexA
ReleaseMutex
CreateEventA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetFileSize
GetTempPathA
UnmapViewOfFile
FlushViewOfFile
OpenEventA
SetEvent
WaitForMultipleObjects
GetTickCount
GetCurrentProcessId
GlobalAlloc
GlobalFree
GetVersion
ResetEvent
GetModuleFileNameA
LocalFree
lstrlenA
MultiByteToWideChar
lstrcmpA
LocalAlloc
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
Sleep
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
GetPrivateProfileStringA
GetPrivateProfileIntA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitThread
GetCurrentThreadId
CreateThread
HeapReAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
WriteFile
GetConsoleCP
GetConsoleMode
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
HeapSize
GetLocaleInfoA

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1a6d773004d28051a91e9ef6aa6c219

Headers

File Characteristics

Imports

advapi32

user32

ws2_32

kernel32

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 26KB

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 26KB