c271d68e00e5d876dcae7a0df9d1cc20_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c271d68e00e5d876dcae7a0df9d1cc20_NeikiAnalytics.exe
Size

74KB
MD5

c271d68e00e5d876dcae7a0df9d1cc20
SHA1

6b731da913ddb8880a7d59ca449adbc4fe151414
SHA256

526762d057fcce31817b167690909e04b4dd9b8352963b216639a1045d7c0cea
SHA512

03a4084fb960462762767e6482eedfd2845417ac8c5611c0456949a36bacd9442578bfe24e220f2a0cfea519a4fc999bbb4eca61b484c2509039ff8faeb409b3
SSDEEP

1536:/FMtXdbfqvHXaBTJcglhD9da7tbvj8q3WY5bkRRukng:/Sv2aBTq+hDva75vjnWY5bkRokg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c271d68e00e5d876dcae7a0df9d1cc20_NeikiAnalytics.exe

Files

c271d68e00e5d876dcae7a0df9d1cc20_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

a42b1936d683dfa9a9874ce400da848f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

CreateRestrictedToken
CreateProcessAsUserW
ConvertSidToStringSidA
IsTextUnicode
OpenProcessToken

ntdll

RtlStringFromGUID
RtlEqualString
RtlFreeUnicodeString

kernel32

GetCurrentProcess
CloseHandle
LoadLibraryW
GetProcAddress
LocalAlloc
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
TerminateProcess
GetLastError
HeapFree
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
WriteConsoleW
SetFilePointer
GetModuleFileNameW
HeapAlloc
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
LCMapStringW
GetStringTypeW
HeapSize

Exports

Exports

ExtensionApiVersion
InitializeChangeNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
casakatz
startW

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a42b1936d683dfa9a9874ce400da848f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

kernel32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 856B

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 856B