5b3a9105c6cbe7c8d0b7f9090c6e7af0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5b3a9105c6cbe7c8d0b7f9090c6e7af0_NeikiAnalytics.exe
Size

1.3MB
MD5

5b3a9105c6cbe7c8d0b7f9090c6e7af0
SHA1

902aade41e3880c0d2b0fcb893a94d2c31a74fae
SHA256

727d3432207daaf30db838bbad106a670c7ece338011f140c101b93087bbc284
SHA512

b2b2bd5178eb696b915d2457ee24abfa044a36eb651534d43ce795c3ca12010964cf4d2dccd2c58d5b51b2c775fe071cc2a643614005e073f245e5c9896dfc3a
SSDEEP

24576:EkFL29RNTLr9gItWlSr0PZTyj81SwPHU8X31PfU17DhZy0lxHZ9/I:7FL2bNOItW3PFyjdw/3FPfUNDZ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b3a9105c6cbe7c8d0b7f9090c6e7af0_NeikiAnalytics.exe

Files

5b3a9105c6cbe7c8d0b7f9090c6e7af0_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

e2cc7c2e396c44a413b2baacee086045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MakePri.pdb

Imports

msvcrt

_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_onexit
??1type_info@@UAE@XZ
_controlfp
_callnewh
?what@exception@@UBEPBDXZ
malloc
free
_wtoi
_fileno
_setmode
fflush
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
_except_handler4_common
memmove
__dllonexit
_CxxThrowException
??0exception@@QAE@XZ
__iob_func
vswprintf_s
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy
wcsnlen
fwprintf_s
swprintf_s
_purecall
_wcsicmp
_getwche
towupper
wcsstr
wprintf
wcsncmp
_wfopen
fgetwc
_errno
fclose
_wcsnicmp
towlower
wcscpy_s
_vscwprintf_l
wcschr
iswdigit
wcscspn
_wfopen_s
fwprintf
iswctype
wcsrchr
iswalnum
iswspace
qsort_s
isalpha
_ui64tow_s
wcsncpy_s
bsearch
_wtof
memcmp
memchr
__CxxFrameHandler3
??1exception@@UAE@XZ
memcpy_s
?terminate@@YAXXZ
_vsnwprintf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
strcspn
localeconv
sprintf_s
fread
_filelengthi64
isxdigit
strtol
isdigit
vwprintf_s
wprintf_s
__pctype_func
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
__crtGetStringTypeW
__crtLCMapStringW
___mb_cur_max_func
abort
__uncaught_exception
_ftol2
_ftol2_sse
memset

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SysAllocString
VariantChangeTypeEx
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

kernel32

EnterCriticalSection
LeaveCriticalSection
CompareFileTime
SystemTimeToFileTime
DeleteCriticalSection
GetSystemTime
OutputDebugStringA
WideCharToMultiByte
FlushFileBuffers
WriteFile
GetFinalPathNameByHandleW
GetFileAttributesExW
GetDriveTypeW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileSizeEx
LCMapStringEx
GetSystemWindowsDirectoryW
ReleaseSRWLockShared
AcquireSRWLockShared
CompareStringOrdinal
MultiByteToWideChar
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetFullPathNameW
SetThreadPreferredUILanguages
SetConsoleCtrlHandler
HeapSetInformation
GetFileAttributesW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CompareStringEx
LocalAlloc
LocalSize
LocalFree
InitializeSRWLock
ReleaseSRWLockExclusive
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW
CopyFileExW
DeleteFileW
GetTempPathW
CreateDirectoryW
AcquireSRWLockExclusive
InitializeCriticalSection

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

user32

LoadStringW

shlwapi

StrChrW
PathIsNetworkPathW
PathRelativePathToW
PathFileExistsW
PathIsRelativeW
PathRemoveBackslashW
SHCreateStreamOnFileW

advapi32

FreeSid
RegGetValueW
GetNamedSecurityInfoW
GetAce
EqualSid
GetLengthSid
AddAccessAllowedAceEx
SetNamedSecurityInfoW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid

Sections

.text
Size: 657KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2cc7c2e396c44a413b2baacee086045

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

rpcrt4

kernel32

ole32

user32

shlwapi

advapi32

Sections

.text Size: 657KB - Virtual size: 656KB

.data Size: 5KB - Virtual size: 6KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 657KB - Virtual size: 656KB

.data
Size: 5KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 596KB - Virtual size: 600KB