7aef0ca3be9b383d312d11b2199ee290_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

7aef0ca3be9b383d312d11b2199ee290_NeikiAnalytics
Size

613KB
MD5

7aef0ca3be9b383d312d11b2199ee290
SHA1

9c6db61b2ac1ffe99bc8a5997af06e695e38a679
SHA256

8b93b4210e35678eb2c82a0f549120481bed99e041cb26aeae21deb8f9f8bb18
SHA512

f74bedeaf02db7bf0de07d528a5562976e913b12bd497a80e768966c746e92e42065653d5539101cc37892a10d5e7a33ce3619100b457d2c17fc1fa49fb830f2
SSDEEP

12288:k0mRGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:k0mUt/sBlDqgZQd6XKtiMJYiPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7aef0ca3be9b383d312d11b2199ee290_NeikiAnalytics

Files

7aef0ca3be9b383d312d11b2199ee290_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

c247e922067f6179f9938eab10534e06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\\binaries\x86ret\bin\i386\pgosweep.pdb

Imports

advapi32

OpenProcessToken

kernel32

GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
WaitForSingleObject
OpenEventW
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
Sleep
GetLastError
SetEvent
WaitForSingleObjectEx
PulseEvent
ResetEvent
OpenMutexW
MapViewOfFileEx
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
FormatMessageW
LocalFree
SystemTimeToFileTime
GetSystemTime
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
WriteFile
GetFileType
GetUserDefaultUILanguage
LoadResource
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileW
FindClose
SetLastError
GetEnvironmentVariableW
TerminateProcess

vcruntime140

__current_exception
__current_exception_context
wcsstr
__CxxFrameHandler3
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
wcschr

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_crt_atexit
__p___argc
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_errno
_set_app_type
_seh_filter_exe
terminate
_configure_wide_argv
_controlfp_s
_initialize_onexit_table
__p___wargv
exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
fwrite
_fileno
fseek
fclose
_get_osfhandle
fflush
_wfsopen
putchar
__p__commode
fputs
__acrt_iob_func
fread
_set_fmode
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_wremove
_wfullpath

api-ms-win-crt-string-l1-1-0

wcscpy_s
_wcsicmp
wcscat_s
wcsncpy_s
_strupr_s
wcsncat_s
_wcsdup
wcstok_s

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

ole32

CoCreateGuid

ntdll

RtlInitUnicodeString
NtOpenEvent
NtOpenMutant
NtOpenSection

api-ms-win-crt-convert-l1-1-0

_itow_s
_wtoi
wcstol
wcstoul

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-conio-l1-1-0

_cputws

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c247e922067f6179f9938eab10534e06

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

psapi

ole32

ntdll

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 134KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 134KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 568KB - Virtual size: 572KB