90fc42fe34c188d8058013834e9c7bb0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

90fc42fe34c188d8058013834e9c7bb0_NeikiAnalytics
Size

2.1MB
MD5

90fc42fe34c188d8058013834e9c7bb0
SHA1

3a9871596d6c6a47930e76632cc5f5be1b1b6ed2
SHA256

82fe826c829dbae7efc4a3e6e5e4d5c17736e86aadb588d34c593f90e962abde
SHA512

1a7b3585a9810987efd34aca3f74ea48c7eb7d9683107fe0b13536785c7be7942f5f33c8779f727e51b8ec5528d740adc2abf5801d15cb8bdd89151911b9415f
SSDEEP

24576:llC4I3HjlnZ4olSE2pQIataGwLkMTOqTy+Cv9wiow:24I3hZ4ogEgataGFMTOqTxCv9wR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90fc42fe34c188d8058013834e9c7bb0_NeikiAnalytics

Files

90fc42fe34c188d8058013834e9c7bb0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

0f9bb147343d637e6cfc6c8ec8d03acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\lib\win64_vc12\llvm\llvm-3.4.2.src\build\windows_debug\bin\Debug\macho-dump.pdb

Imports

dbghelp

SymGetLineFromAddr64
SymInitialize
SymGetSymFromAddr64
SymGetModuleBase64
SymFunctionTableAccess64
SymSetOptions
StackWalk64

kernel32

SetEnvironmentVariableA
GetStringTypeW
HeapQueryInformation
LocalFree
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
ReadFile
RemoveDirectoryW
SetFileTime
GetTempPathW
CloseHandle
GetLastError
Sleep
GetSystemInfo
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
MoveFileExW
CreateHardLinkW
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
WaitForSingleObject
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW
SetErrorMode
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SearchPathW
DuplicateHandle
SetLastError
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
SetConsoleCtrlHandler
TryEnterCriticalSection
DeleteCriticalSection
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
ExitProcess
AreFileApisANSI
SetEndOfFile
HeapAlloc
HeapFree
GetProcessHeap
SetStdHandle
RaiseException
LoadLibraryExW
CreateThread
GetCurrentThreadId
ExitThread
HeapValidate
HeapWalk
WriteFile
OutputDebugStringA
OutputDebugStringW
FatalAppExitA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
HeapSize
WaitForSingleObjectEx
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc

shell32

CommandLineToArgvW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f9bb147343d637e6cfc6c8ec8d03acd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

shell32

advapi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 426KB - Virtual size: 425KB

.data Size: 10KB - Virtual size: 23KB

.pdata Size: 85KB - Virtual size: 85KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 426KB - Virtual size: 425KB

.data
Size: 10KB - Virtual size: 23KB

.pdata
Size: 85KB - Virtual size: 85KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB