8855479c6d897b4194ffbe3bd2b00460_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8855479c6d897b4194ffbe3bd2b00460_NeikiAnalytics.exe
Size

401KB
MD5

8855479c6d897b4194ffbe3bd2b00460
SHA1

6b530ac381d4f0ad4c408f719d0d8fa811ee85f4
SHA256

997a457846e5d5f19c6215660ebd478e8f206010cffe099f79939c19e3960b02
SHA512

957a3003a54603401987e07b4dd362586f8026be8ca66868f67925bfc2506915fcb7bb619347952d4449f59c80609a38df16451e200b67ba32460c0a6f559626
SSDEEP

6144:ULFOTRn2lWuq9Sxpgq5E9LPztkY/kkRg5uoTDEUSiM/P19AYnvewAnOLoJImEUf:UxOR58DhY7zfHRyuoH89Vnv2K3fUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8855479c6d897b4194ffbe3bd2b00460_NeikiAnalytics.exe

Files

8855479c6d897b4194ffbe3bd2b00460_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

b6e448106cb74f1651c0f69eb6d966c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\comhost\comhost.pdb

Imports

wintrust

WinVerifyTrust

kernel32

OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
CreateFileW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
FindResourceW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
IsWow64Process
LoadLibraryExW
UnmapViewOfFile
GetCurrentProcessId
DecodePointer
EncodePointer
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadResource
LockResource
SizeofResource
GetLastError
GetModuleHandleExW
LCMapStringEx
CloseHandle
InitializeCriticalSectionEx
GetStringTypeW
InitializeSListHead
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
TlsAlloc
SetLastError
InterlockedFlushSList
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
IsDebuggerPresent
RtlUnwind

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo

advapi32

RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fclose
fgetc
fwrite
fgetpos
ungetc
fsetpos
fread
setvbuf
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vfwprintf
fputws
_fseeki64
fputwc
fflush
fputc
__acrt_iob_func
_get_stream_buffer_pointers
_wfsopen
fseek
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
abort
_seh_filter_dll
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_errno
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit
_initterm_e
_wcserror_s
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_callnewh
calloc
free

api-ms-win-crt-string-l1-1-0

wcsnlen
__strncnt
islower
isupper
strcspn
wcsncmp
toupper
_wcsdup
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-locale-l1-1-0

___lc_locale_name_func
__pctype_func
___lc_codepage_func
_unlock_locales
_lock_locales
localeconv
setlocale
___mb_cur_max_func

api-ms-win-crt-math-l1-1-0

frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6e448106cb74f1651c0f69eb6d966c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

kernel32

ole32

oleaut32

advapi32

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 256KB - Virtual size: 256KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 256KB - Virtual size: 256KB