c950172a222f4baf5ce8ff408b2a7a30_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

c950172a222f4baf5ce8ff408b2a7a30_NeikiAnalytics
Size

1.4MB
MD5

c950172a222f4baf5ce8ff408b2a7a30
SHA1

db1b99d8b10e6e75aee090ecdd3c163902d02500
SHA256

ff8f8e2bdc8415686fefc23fa230648b7d4368a841c3245350f8043836b85a07
SHA512

04bbd97a83460e2eaf358bc4c6eaac24e9bd059dd9ec05a1ae1fee2c27c42ae39bdf0b79dc9226641308c89d04ca8772882622a76b99b460cf9df8243c5b4c2b
SSDEEP

12288:BHOjbgNFjJLEev4Jkh61UQD6NStjhikNo/KiiwqHwHYCCjaIzs3:ZygHJLEevkkh6X+NLkN7TAuTs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c950172a222f4baf5ce8ff408b2a7a30_NeikiAnalytics

Files

c950172a222f4baf5ce8ff408b2a7a30_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

c648c9799b7ff0414ebc127f95f5742a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

j:\obj\nt_ms_x86_p\dbulseg.pdb

Imports

user32

LoadStringA
LoadStringW
CharUpperA
CharLowerA
IsCharAlphaA
MessageBoxA
CharToOemA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

SetEnvironmentVariableA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadReadPtr
GetACP
GetSystemDefaultLangID
IsDBCSLeadByte
GetModuleFileNameA
VirtualQuery
GetSystemDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
GetOEMCP
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
FlushFileBuffers
SetEndOfFile
GetLastError
SetFilePointer
LoadLibraryA
SetErrorMode
FreeLibrary
GetVersion
GetCurrentProcess
GetEnvironmentVariableA
GetCommandLineA
GetVersionExA
GetFileAttributesA
CloseHandle
GetFileType
CreateFileA
SetStdHandle
ReadFile
WriteFile
GetDriveTypeA
GetCurrentDirectoryA
ExitProcess
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetCPInfo
VirtualAlloc
GetFullPathNameA
GetSystemTimeAsFileTime
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CompareStringA
CompareStringW

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c648c9799b7ff0414ebc127f95f5742a

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

kernel32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB