b535f30be69f14881faaaabacd41c640_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b535f30be69f14881faaaabacd41c640_NeikiAnalytics
Size

1.5MB
MD5

b535f30be69f14881faaaabacd41c640
SHA1

244b05235c012efc34e3e7a3ec22bb6405b436cb
SHA256

71ad8fa5fd010f52298232cc9c0b13095fa80ae9466f8388f9a9ad05fff2b474
SHA512

f4d1191366eaf4cc00f5a2aac4dde4e56f353a8efd389bf5bb3b851f7a157e4bb856d677fb5ef0f12bcc79b9dd413dd29ce5580e331b070979fa54031ff99d50
SSDEEP

49152:OhFuzS6P+TDfvAZoSggRBYN7pFgOAXGsqORYLKF:Ozuz9P+TLAZTgkYzFgOAvqYYm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b535f30be69f14881faaaabacd41c640_NeikiAnalytics

Files

b535f30be69f14881faaaabacd41c640_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

9bfad54b63959693ecef3a80bf98f6fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHSetLocalizedName

mscms

GetColorProfileElement

kernel32

ConvertDefaultLocale
GetProcAddress
DeleteCriticalSection
GetFileSize
IsProcessInJob
GetModuleFileNameA
GetBinaryTypeA

winmm

waveInStart

advapi32

GetSidSubAuthority
RegCloseKey
OpenProcessToken

wintrust

CryptCATClose

ole32

HWND_UserMarshal

winspool.drv

GetPrinterW

Exports

Exports

SeraeqhdlH

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.code
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ