c6a114b930a97bd01cffe4aee07d3450_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c6a114b930a97bd01cffe4aee07d3450_NeikiAnalytics.exe
Size

251KB
MD5

c6a114b930a97bd01cffe4aee07d3450
SHA1

c58e7a2a707eb446cfd5759b301b10d9e2fea7b1
SHA256

a32a8e57beeb65414ed4dc95a52d876bb56a524594dc299769a923b637b8f130
SHA512

8c086297ca8f4f01b4fb1b5951d023f7e4faf4d565f6d32387fc92b725fdf12ae7db387a5cc598b5c05742b0259b217111668f36154d5c615428e931e69cbd7e
SSDEEP

6144:MO3Y40KItXLeYFZDxmHNyt3cllzXNIkL6wlv1+VlNp:r3Y40KIxLv3ist3+/IkL6wv+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6a114b930a97bd01cffe4aee07d3450_NeikiAnalytics.exe

Files

c6a114b930a97bd01cffe4aee07d3450_NeikiAnalytics.exe
.dll regsvr32 windows:10 windows x86 arch:x86

76bb66851f3325f47f693f4f6217181a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msadrh15.pdb

Imports

msvcrt

ceil
_ftol2_sse
floor
_purecall
_stricmp
_ultoa_s
_wcsnicmp
_XcptFilter
_amsg_exit
free
malloc
_initterm
?terminate@@YAXXZ
_except_handler4_common
__CxxFrameHandler3
memcpy
strncpy_s
memset

msdart

MpGetHeapHandle
FXMemAttach
MpHeapAlloc
MpHeapFree
FXMemDetach

kernel32

GetUserDefaultUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
CompareStringW
LoadLibraryExW
VirtualQuery
FreeLibrary
GetCurrentProcessId
DeleteCriticalSection
GetProcAddress
WideCharToMultiByte
GetModuleFileNameA
EnterCriticalSection
OutputDebugStringA
GetDriveTypeA
LoadLibraryExA
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
DisableThreadLibraryCalls
GetSystemDirectoryA
SearchPathA

advapi32

UnregisterTraceGuids
RegCloseKey
RegGetValueA
RegQueryValueExA
RegisterTraceGuidsW
RegOpenKeyExA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoGetClassObject

oleaut32

SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopy
SetErrorInfo
SysAllocString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysFreeString
VariantClear
VariantInit
SysStringLen
VariantChangeType
GetErrorInfo
SafeArrayUnaccessData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbid
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76bb66851f3325f47f693f4f6217181a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msdart

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.sdbid Size: 172KB - Virtual size: 172KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 70KB - Virtual size: 69KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.sdbid
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB