3967696e120a0964b85c42678472b470_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3967696e120a0964b85c42678472b470_NeikiAnalytics
Size

24KB
MD5

3967696e120a0964b85c42678472b470
SHA1

5b1217d31ee64428bc24a7caf7f861f1b0e7fa9f
SHA256

c1d68c84e3e663452669fd8292e0512c7820392a70c9024d6a36e47843f08712
SHA512

a2f8732ce2fc8c4492cc57ca4a118f800539e877d04de7fdb69972eae7f322e8bb805b3861ddc514e62bfb311eb71c15854ccc9c96c8721494e8d59e14d0d847
SSDEEP

384:hzvoQ3UzqoGCX6Cr7TtJy2DmfnVuCEDeluDqHB6yx6vBS+/2Q:lSqoX6O7G2ou5S0qHBbx6vBZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3967696e120a0964b85c42678472b470_NeikiAnalytics

Files

3967696e120a0964b85c42678472b470_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

9e029c18a437c3456e7b3238d643070d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

Extract
CreateAsyncBindCtx
DllCanUnloadNow
IsAsyncMoniker
ZonesReInit
IsValidURL
URLDownloadW

wsock32

accept
bind
htons
sethostname
WSAStartup
htonl
SetServiceA
gethostbyaddr
listen

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE