03b81dc6ce8f43d48f427c12bf9cd040_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

03b81dc6ce8f43d48f427c12bf9cd040_NeikiAnalytics
Size

352KB
MD5

03b81dc6ce8f43d48f427c12bf9cd040
SHA1

2c1865719ebeedc23197bdbfa766129236a318cd
SHA256

0b94757164e2b2e6ec71409f58a2fc2d5935965175111a7c9456a6952da83082
SHA512

98a15a5fa22d12d6cd620c480a3800c59eb63e4eebe3fe1ddfa9009dc9affe610b7fef04f2c8a564893364cbf8bc509d12265bd4d8e46b28f129c1af944e8bfc
SSDEEP

6144:a+/9gkandvjoJMvvSQcW1S83i4EdTMqeuhttSWZtBaG5pZDAJi5NgAdHcX21QgxH:a+/9gkandvjoJsvSdW1rrfMttSWNrpJ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03b81dc6ce8f43d48f427c12bf9cd040_NeikiAnalytics

Files

03b81dc6ce8f43d48f427c12bf9cd040_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

b759e67ab9c9bed51d5cb388b3394bb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

sendto
select
__WSAFDIsSet
accept
send
recv
socket
setsockopt
htonl
htons
bind
closesocket
listen
ioctlsocket
gethostbyname
inet_addr
gethostname
WSAStartup

co-crypto

ord3171
ord3106
ord3253
ord3024

kernel32

ExpandEnvironmentStringsA
ExitProcess
SetPriorityClass
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
SetLastError
FreeLibrary
Sleep
CloseHandle
TerminateProcess
FormatMessageA
CreateProcessA
CreateFileA
GetStartupInfoA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
OpenProcess
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
SetConsoleCtrlHandler
lstrlenA
GetLastError
LocalFree
GetExitCodeProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
CompareStringA
CompareStringW
GetLocaleInfoW
SetEnvironmentVariableA
ReadFile
WaitForSingleObject
SetEndOfFile
DeleteFileA
CreateDirectoryA
SetEnvironmentVariableW
GetLocaleInfoA
LoadLibraryExA
GetLocalTime
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetFullPathNameA
HeapAlloc
MoveFileA
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
SetHandleCount
GetFileType
GetStdHandle
GetCurrentThreadId
TlsAlloc
TlsGetValue
RtlUnwind
UnhandledExceptionFilter
GetCurrentDirectoryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapCreate
GetStringTypeA
GetStringTypeW
GetFileAttributesA
SetFilePointer
SetCurrentDirectoryA

advapi32

CloseEventLog
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
RegQueryValueExA
ReadEventLogW
ReadEventLogA
OpenEventLogA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
StartServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
CreateServiceA
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b759e67ab9c9bed51d5cb388b3394bb9

Headers

File Characteristics

Imports

wsock32

co-crypto

kernel32

advapi32

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 512B - Virtual size: 232B

.data Size: 119KB - Virtual size: 902KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 512B - Virtual size: 232B

.data
Size: 119KB - Virtual size: 902KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 20KB