c254a191ff1a5465871b12a1f64abf30_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

c254a191ff1a5465871b12a1f64abf30_NeikiAnalytics
Size

63KB
MD5

c254a191ff1a5465871b12a1f64abf30
SHA1

5e77e87e929eaf89d21a9142e8932668a351cb4c
SHA256

1a4c799538d7148f1981daf28f7c413495b162f9f5a115c105a0188aba47770e
SHA512

da059debcc63d6b8a0f672405a41a9c3cb386a0a9a0bd86bc2b07b98c34e6f1ccdeb391593de30f84785bddd998dcd80e897a6dfbb18cfc4b12f054f9aaf8546
SSDEEP

1536:Z9feHsCrXAZ5njcCN2wJDyvMMecadvpFJlZy:Z9lCrwZ5njcPs/FJlo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c254a191ff1a5465871b12a1f64abf30_NeikiAnalytics

Files

c254a191ff1a5465871b12a1f64abf30_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

7ff49f7e5ec056844341978520b15856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\NewBuilds\20090421a.bld\source\untd_client\builds\Release\instlsp.pdb

Imports

rpcrt4

UuidCreate

ole32

StringFromGUID2

sporder

WSCWriteProviderOrder

ws2_32

WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSAGetLastError
WSACleanup
WSAStartup
WSCGetProviderPath

kernel32

SetStdHandle
HeapSize
CloseHandle
GetSystemInfo
VirtualProtect
GetOEMCP
GetACP
ExitProcess
HeapAlloc
GetProcessHeap
GetLastError
HeapFree
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
GetModuleHandleA
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
WideCharToMultiByte
LCMapStringW
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
InterlockedExchange
VirtualQuery
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ff49f7e5ec056844341978520b15856

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

ole32

sporder

ws2_32

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 416B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 416B

.reloc
Size: 4KB - Virtual size: 4KB