a1eac2ae4e7cdf5bc4d02d67352cc690_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a1eac2ae4e7cdf5bc4d02d67352cc690_NeikiAnalytics
Size

1.4MB
MD5

a1eac2ae4e7cdf5bc4d02d67352cc690
SHA1

5f327cf54713565eeb214fdf12c377b2fb7515f4
SHA256

8fb5cf70a8085eb37494dc0ea077e41092fa1686a6e7631ef081c33c617e78a4
SHA512

0e58f3c0589b359c0d0409a21be2240ac72e69b191836ebe86af64b8cebe786f8bf9563277bdbca27fbeab1e4269adab040fcb96b56c816f5df063c2ae01f403
SSDEEP

24576:f+LGQW0/HELyxjb/BSTNjx+mZCkt76f/24pN+XNqNG6hditW:f+iQVELyxjVCf9Ckt7c20+9qNxUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1eac2ae4e7cdf5bc4d02d67352cc690_NeikiAnalytics

Files

a1eac2ae4e7cdf5bc4d02d67352cc690_NeikiAnalytics
.exe windows:10 windows x64 arch:x64

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tracefmt.pdb

Imports

advapi32

OpenTraceW
CloseTrace
ProcessTrace
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
RegEnumKeyExW
GetLengthSid
LookupAccountSidW

kernel32

GetModuleHandleExW
GetModuleFileNameW
CompareStringOrdinal
CreateFileW
GetVersionExW
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemInfo
SetDllDirectoryW
GetDllDirectoryW
VirtualProtect
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
HeapAlloc
GetProcessHeap
VirtualQuery
GetFileSizeEx
SystemTimeToFileTime
CopyFileW
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
CompareFileTime
GetPrivateProfileStringW
GetFileTime
GetFileSize
LoadLibraryExW
LocalFree
FormatMessageW
SetLastError
DeleteCriticalSection
GetCurrentDirectoryW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetEnvironmentVariableA
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
ReadFile
GetFullPathNameW

msvcrt

strcmp
??1type_info@@UEAA@XZ
_onexit
_commode
_fmode
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memset
memcmp
memchr
strnlen
fputws
fputwc
strtok_s
sprintf_s
_splitpath_s
strrchr
strchr
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcscpy_s
__C_specific_handler
memmove_s
wcsrchr
memcpy_s
vfwprintf
_wfullpath
atoi
free
printf
_errno
fwrite
fgets
_purecall
wcstok_s
??3@YAXPEAX@Z
wcstoul
strtoul
_vsnprintf
fclose
_wcsicmp
_wfsopen
_vsnwprintf
strtok
??_V@YAXPEAX@Z
exit
wprintf
__CxxFrameHandler3
__iob_func
_wfopen
wcsstr
wcsspn
fgetws
wcschr
iswspace
_wtoi
wcscspn
_snwprintf_s
wcstol
swscanf
_vsnwprintf_s
strncmp
wcsnlen
vsprintf_s
fopen
vfprintf
strncpy_s
_wsplitpath_s
fprintf
_vscprintf
strcpy_s
fputs
strstr
wcscmp

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW

tdh

TdhLoadManifestFromBinary
TdhGetEventInformation
TdhGetEventMapInformation
TdhLoadManifest

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

version

ntdll

tdh

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 455KB - Virtual size: 455KB

.data Size: 205KB - Virtual size: 249KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 232B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 455KB - Virtual size: 455KB

.data
Size: 205KB - Virtual size: 249KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 232B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 592KB - Virtual size: 596KB