32774ef0ec483acfa653006828d68400_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32774ef0ec483acfa653006828d68400_NeikiAnalytics
Size

21KB
MD5

32774ef0ec483acfa653006828d68400
SHA1

54409c9684ee754739486cc05a067d70d3d2f414
SHA256

0937584f94c9bfbcc98fe6424aeba2d9d6c5cb80fdda4a69025386a294ee4734
SHA512

9caa1c616a0310b0304edfd486dfbc6e69b41d8deffcf88c4a3c10aeaacebd35648ea678bc77dd2d4c36cfd020be6ff758b6bc00a7763f2dfd8491e49247c8b9
SSDEEP

384:IsW0t/LcuJWgvMM7JL/7WRy1W4AMJdao4oKREPuINMWP+LNg1n3f5KkQc:PTcu7vMyh/2wv74o42WWV1v59Qc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32774ef0ec483acfa653006828d68400_NeikiAnalytics

Files

32774ef0ec483acfa653006828d68400_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

d6c4c5a478e49a5f7bd276b513900d29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

ole32

CreateStreamOnHGlobal

user32

SetActiveWindow

advapi32

GetUserNameA

shlwapi

StrStrIA

shell32

ShellExecuteA

wsock32

gethostname

crypt32

CryptUnprotectData

Sections

.text
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.conf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

19G8POW4
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE