e3c0f5ca0a435ba7fae0f9b6eb9d3e10_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

e3c0f5ca0a435ba7fae0f9b6eb9d3e10_NeikiAnalytics
Size

1.3MB
MD5

e3c0f5ca0a435ba7fae0f9b6eb9d3e10
SHA1

965d394d85b393a9d0c0f8b428202b7f874e4581
SHA256

07a5a8ef849d88624dd82155ef41d15a099d72ea39d4223c5152181c85782f6f
SHA512

99631d3d35094fcbd68e4a923ddd202524d541a4a7897163630b3d62a49af6896c0ff29c79c0e76e3737460a7c1d309e41ec4bc520a76a18d84a4ad58a88d494
SSDEEP

12288:8+aDj5AW3n4Np+wOYDysqOMmq3ebNZINMbzh2nE/qUX1VK99nxvjOf1lGcdp:8Tb3sRyrOMx300Cbzh2nE/qUI9xMGc3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3c0f5ca0a435ba7fae0f9b6eb9d3e10_NeikiAnalytics

Files

e3c0f5ca0a435ba7fae0f9b6eb9d3e10_NeikiAnalytics
.exe windows:10 windows x86 arch:x86

f7758c78c7848b809e98fab3c95d1c39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

midl.pdb

Imports

kernel32

GetCommandLineW
GetStdHandle
GetEnvironmentVariableW
WaitForSingleObject
MultiByteToWideChar
CloseHandle
LocalFree
CreateProcessW
CreateProcessA
GetExitCodeProcess
GetModuleHandleA
Sleep
GetTempPathA
GetLastError
GetProcAddress
GetTempFileNameA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlUnwind
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

fflush
_unlink
printf
fopen
fclose
fgetc
isspace
_errno
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
strstr
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
wcsstr
memcpy
memset
?terminate@@YAXXZ
_controlfp
_lock
_unlock
__dllonexit
_onexit
setvbuf
isxdigit
isleadbyte
calloc
free
localeconv
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
malloc
_read
__badioinfo
__pioinfo
realloc
_write
_lseeki64
_strnicmp
atoi
ctime
_makepath
strncmp
_fileno
fprintf
_isatty
_splitpath
fseek
_vsnprintf
_fgetchar
freopen
isdigit
__set_app_type
__iob_func
putc
_fsopen
_setmode
fwrite
??1type_info@@UAE@XZ

shell32

CommandLineToArgvW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7758c78c7848b809e98fab3c95d1c39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shell32

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB