1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics | Triage

Sharing

General

Target

1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics
Size

430KB
MD5

1b3e302c1f6f6a872978e9658ebffe20
SHA1

669bdb182b02034eaaf62845f5e2176657c4866d
SHA256

3a699694ea25ad8bec642cc3c913c4414c349abc8aa7105ee26102c09bef7499
SHA512

74b22f992829c8e071449f7ec0eef61f0575d1d3b7201a5459feb0586b4dc97c148fb5b4f2d0f4ccad56a3b25cf6a485b22a2be36ccec14daa8dac8c5f2517c9
SSDEEP

12288:TP7xf5HU/AqVqhQQecOIsV/AWmiynaxYDs5F8r:TDz6F6CP/fkax78

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics

Files

1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

b39f83899975eeb5b2db14b289d7529c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord70
ord8
ord171
ord125
ord17
ord211
ord145
ord74

kernel32

RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindClose
FindFirstFileW
GetComputerNameA
GetVersionExW
WaitForSingleObject
GetComputerNameW

comdlg32

GetOpenFileNameW
GetOpenFileNameA

advapi32

GetUserNameW
GetUserNameA

shell32

SHFileOperationA
ShellExecuteExA
ShellExecuteExW
SHFileOperationW

Exports

Exports

DeleteExtractionPath
DeleteLZMAFiles
ExpandExtractionPath
ExtractLZMAFiles
FindEXE

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ