76f821aeb64ad6ecc90d974639556e10_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

76f821aeb64ad6ecc90d974639556e10_NeikiAnalytics.exe
Size

951KB
MD5

76f821aeb64ad6ecc90d974639556e10
SHA1

3ed015ae3f98cd187607a90a8f01ab205d15d861
SHA256

58beeed9a46921029ab00948b42353a74c84675107373c163bb0f1880a2b89ed
SHA512

ae4f3ccd71d3ad848ff60fb4484fe4367a8a9970d098c0167c6675b50da8383f23354853d5fc601ae5cd817c156fe6a63d6a996d46bf4272299af89b08d21101
SSDEEP

24576:1o4r7qHdfVSAJHofe3y1sInB2COzRq8DvFqt:WG7qSIP4suIRbDv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76f821aeb64ad6ecc90d974639556e10_NeikiAnalytics.exe

Files

76f821aeb64ad6ecc90d974639556e10_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

bca29c621965b9b64e2d79240618a26a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64_x86\cl.amd64_x86.pdb

Imports

advapi32

CryptGenRandom
EventRegister
CryptAcquireContextW
EventWrite
CryptReleaseContext
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

ReadFile
FindFirstFileW
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
SetEnvironmentVariableW
SetErrorMode
GetEnvironmentVariableW
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
FreeEnvironmentStringsW
GetLastError
DeleteFileW
CloseHandle
RaiseException
GetSystemInfo
LoadLibraryW
GetCurrentDirectoryW
SwitchToThread
DecodePointer
GetProcAddress
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetEnvironmentStringsW
VirtualQuery
LoadLibraryExW
GetFullPathNameW
GetTempPathW
GetDiskFreeSpaceExW
SetConsoleCtrlHandler
SearchPathW
GetConsoleScreenBufferInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenEventW
SetEvent
CreateProcessW
GetExitCodeProcess
GetConsoleOutputCP
WriteFile
GetACP
GetConsoleMode
QueryPerformanceFrequency
LoadResource
FindResourceW
WideCharToMultiByte
GetFileType
QueryPerformanceCounter
VirtualFree
VirtualAlloc
UnmapViewOfFile
MapViewOfFileEx
GetStartupInfoW
GetStdHandle
WaitForMultipleObjects
SetThreadPriority
CreatePipe
CreateMutexW
DuplicateHandle
Sleep
CreateThread
GetCurrentProcessId
HeapFree
FindNextFileW
GetUserDefaultUILanguage
EncodePointer
HeapAlloc
GetProcessHeap
CreateEventW
GetTickCount64
VirtualProtect
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetFileInformationByHandleEx
LocalFree
FormatMessageA
AreFileApisANSI
GetFileAttributesExW

vcruntime140

_CxxThrowException
__current_exception
memset
__C_specific_handler
memmove
memcpy
__std_exception_destroy
__std_exception_copy
wcschr
wcsstr
__current_exception_context
wcsrchr

api-ms-win-crt-string-l1-1-0

wcscat_s
wcspbrk
iswspace
wcsspn
_wcsicmp
wcsncmp
iswdigit
wcsncpy_s
_wcsupr_s
_wcslwr_s
wcscmp
_wcsdup
wcsncat_s
wcsnlen
towlower
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
__p__wpgmptr
_register_thread_local_exe_atexit_callback
_c_exit
terminate
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_cexit
_set_app_type
_seh_filter_exe
_errno
_wsystem
exit
__doserrno
_crt_atexit
_get_wpgmptr
_invalid_parameter_noinfo
__p___wargv

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_wfullpath
_waccess_s
_wmakepath_s
_wsplitpath_s
_wunlink
_wremove

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
setlocale

api-ms-win-crt-stdio-l1-1-0

_write
fputws
_get_osfhandle
getwchar
_dup2
_flushall
__stdio_common_vfprintf
__stdio_common_vswprintf_s
_fileno
_setmode
__stdio_common_vswprintf
puts
_wfopen_s
__stdio_common_vfwprintf_s
_wfsopen
fopen
_set_fmode
__p__commode
feof
fgetws
fclose
__acrt_iob_func
fflush
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
__stdio_common_vfwprintf
_isatty

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow_s
wcstol
_wtoi64
wcstoul

api-ms-win-crt-environment-l1-1-0

_wputenv_s
_wgetenv_s
_wdupenv_s
getenv
_wgetcwd

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_set_new_mode
free

api-ms-win-crt-process-l1-1-0

_wspawnv

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-conio-l1-1-0

_cputws

api-ms-win-crt-time-l1-1-0

_ftime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceilf

ole32

CoCreateGuid
StringFromGUID2

msvcp140

?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

vcruntime140_1

__CxxFrameHandler4

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bca29c621965b9b64e2d79240618a26a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

ole32

msvcp140

vcruntime140_1

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 9KB - Virtual size: 27KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 9KB - Virtual size: 27KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB