07425fea812b77e4bdb29b4a2f071170_NeikiAnalytics

General

Target

07425fea812b77e4bdb29b4a2f071170_NeikiAnalytics
Size

233KB
MD5

07425fea812b77e4bdb29b4a2f071170
SHA1

e3a653497af71d1a6ae6f89b7329940e1da50d29
SHA256

5ce1308f5e18baa51d7cbfb5107c46e13b909224ff681a9182e5f08ace40e8b0
SHA512

183012505da68ad051b55f2545a1a2789971d3c6a482e101ec9abf4f5d6a77ad1664205d7501cd84d2f44053cfe12a0b9ee07b24293ad1174f40fedf52b6ee40
SSDEEP

6144:/jNfIc5T3kFNlcMlSuGItndBUrkwjTfH89/16MIx6KorBnMk:bX5TMNjlSYwrkwjzBx7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07425fea812b77e4bdb29b4a2f071170_NeikiAnalytics

Files

07425fea812b77e4bdb29b4a2f071170_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

e4e1b12fb072810749f62b2d9d8e0af7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
CreateMutexA
WriteFile
FillConsoleOutputCharacterW
RtlUnwind
LCMapStringA
RaiseException
GetCurrentProcess
GetVersion
VirtualAlloc
TlsFree
VirtualFree
HeapReAlloc
GetStartupInfoA
CopyFileExA
GetOEMCP
GetACP
InterlockedExchange
GetModuleFileNameA
GetCommandLineA
IsBadWritePtr
ExitProcess
GetEnvironmentStringsW
InitializeCriticalSection
MultiByteToWideChar
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
HeapCreate
FreeEnvironmentStringsW
TlsAlloc
QueryPerformanceCounter
WriteConsoleOutputCharacterA
TlsGetValue
FillConsoleOutputAttribute
VirtualQuery
GetCurrentThreadId
FreeEnvironmentStringsA
HeapAlloc
GetStringTypeA
HeapFree
TlsSetValue
TerminateProcess
GetCurrentProcessId
SetConsoleTitleW
LCMapStringW
HeapDestroy
DuplicateHandle
SetLastError
EnterCriticalSection
GetFileType
LeaveCriticalSection
GetCPInfo
UnhandledExceptionFilter
WideCharToMultiByte
LocalSize
lstrcmp
GetModuleHandleA
SetFileTime
GetEnvironmentStrings
FormatMessageA
CreateFileMappingW
GetStringTypeW
MoveFileW
MapViewOfFileEx
DeleteCriticalSection
SetHandleCount
GetProcAddress
GetLastError
GetStdHandle
lstrcmpiA

shell32

DoEnvironmentSubstA
SHEmptyRecycleBinW
DragFinish
RealShellExecuteW
DragQueryFileA
CheckEscapesW

advapi32

CryptDeriveKey
InitiateSystemShutdownW
CryptGetProvParam
CryptSetProviderA
CryptDecrypt
RegSetValueExW
LookupPrivilegeDisplayNameW
RegQueryValueExA
LookupAccountSidA
LookupPrivilegeValueW
InitializeSecurityDescriptor
RegSaveKeyW
CryptGetHashParam
CryptDuplicateKey
CryptSetHashParam
AbortSystemShutdownA

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e1b12fb072810749f62b2d9d8e0af7

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

Sections

.text Size: 121KB - Virtual size: 121KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 5KB - Virtual size: 5KB