48d3b4d194a9f581c3d441077d1cb460_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

48d3b4d194a9f581c3d441077d1cb460_NeikiAnalytics
Size

1001KB
MD5

48d3b4d194a9f581c3d441077d1cb460
SHA1

defa1457a259871b375ab5b5b8d2d6c818194db5
SHA256

743938a4f8bf01fca0c02513f3d95cdc16e202a5ac47c5f668daadf5d130a7eb
SHA512

d5ac2f1b38b508cf9c96b824cd7455213102e456b7d5d0c0481cb312122d59861cfa507d4cafa451d369201a0d68bc4d30bef6eee4ef737217cbaa27907bd966
SSDEEP

24576:LqI+vV1vm3FO7efQp+5gRZqZrDZpqqgv2ol5xnjH:LqI+vVaFO7p+5gRwPHqqgvNxnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d3b4d194a9f581c3d441077d1cb460_NeikiAnalytics

Files

48d3b4d194a9f581c3d441077d1cb460_NeikiAnalytics
.exe windows:10 windows x64 arch:x64

fb4110efd56783e6f0a5ac96b304db0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vswriter.pdb

Imports

kernel32

GetVolumePathNameW
GetFileTime
GetFileSize
FindVolumeClose
FindNextFileW
FindFirstFileW
FindClose
FindFirstVolumeMountPointW
CreateFileW
CreateDirectoryW
CompareFileTime
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SystemTimeToFileTime
ReadFile
TzSpecificLocalTimeToSystemTime
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExW
FreeLibrary
LocalFree
CloseHandle
GetCurrentThread
FormatMessageW
GetCommandLineW
GetSystemTime
FindNextVolumeMountPointW
FindVolumeMountPointClose
RemoveDirectoryW
SetFilePointer
WriteFile
GetVolumeNameForVolumeMountPointW
FileTimeToSystemTime
CopyFileW
SetConsoleCtrlHandler
WideCharToMultiByte
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
HeapSetInformation
GetLastError
DeleteFileW
GetFileAttributesW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue
OutputDebugStringW
TlsAlloc
GetProcAddress
TlsGetValue

msvcrt

__wgetmainargs
_amsg_exit
_XcptFilter
abort
setlocale
__crtLCMapStringW
__crtGetStringTypeW
__mb_cur_max
_errno
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
__pctype_func
__uncaught_exception
_callnewh
_vsnwprintf
wprintf
_wcsicmp
wcschr
_wcsnicmp
_vsnprintf
_exit
wcstoul
printf
sprintf
swprintf
wcscmp
towupper
rand
strstr
wcscpy_s
srand
time
memcpy
??0exception@@QEAA@AEBQEBDH@Z
malloc
_cexit
__setusermatherr
memcpy_s
memmove_s
strcspn
exit
free
sprintf_s
_initterm
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
_purecall
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
localeconv
_CxxThrowException
__set_app_type
memset
memchr
__CxxFrameHandler3
__C_specific_handler
wcstol

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
StringFromCLSID
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
VariantClear
SysFreeString
GetErrorInfo
SysAllocStringLen

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
DeregisterEventSource
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
RegisterEventSourceW
ReportEventW

atl

ord30

user32

LoadStringW

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW

vssapi

CreateWriterEx

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb4110efd56783e6f0a5ac96b304db0f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ole32

oleaut32

ntdll

advapi32

atl

user32

rpcrt4

vssapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 254KB - Virtual size: 254KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 64KB - Virtual size: 68KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 64KB - Virtual size: 68KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 568KB - Virtual size: 572KB