d06f93783cdec710901c64cbdfb83b60_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d06f93783cdec710901c64cbdfb83b60_NeikiAnalytics.exe
Size

776KB
MD5

d06f93783cdec710901c64cbdfb83b60
SHA1

2f1ed53f6324cd81af3b463a694c14b3385ecc6d
SHA256

db5833bb4f3e8359135c4fefec735cd5cad54b9262e6f54c211411f04a52300e
SHA512

0a149d86d7158eba5eb006e9e174d5f6198b35de1346c84b2ec8fa03caaea86559192de1e8732cddd7c20b241f33bde493cb76282656a902f3444144e807024d
SSDEEP

12288:e6+kHiRjp/SInr8vv2BDeT+bVYHTb3FRk/rMNxaXqqlPbJKTGv5DYFXOBnXREHa:e6PHqF/i328ab4F+rM/aXq6bJfBUam6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d06f93783cdec710901c64cbdfb83b60_NeikiAnalytics.exe

Files

d06f93783cdec710901c64cbdfb83b60_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

815c5627374bb33f87584a2d3aec2a7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TB3x.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

GetProcessHeap
GetVersionExW
lstrcmpiW
LocalFree
HeapFree
HeapAlloc
GetCurrentThreadId
GetLocalTime
WideCharToMultiByte
CloseHandle
OutputDebugStringW
FindFirstFileW
FormatMessageW
HeapSetInformation
FindClose
GetSystemDefaultLCID
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep

gdi32

CreateFontIndirectW
GetTextExtentPoint32W

user32

AppendMenuW
DrawIcon
EnableMenuItem
GetWindowRect
MessageBoxW
GetCursorPos
ScreenToClient
GetSubMenu
CheckMenuItem
GetSystemMenu
GetMenuState
GetMenu
LoadMenuW
GetSystemMetrics
EnableWindow
IsIconic
MoveWindow
SendMessageW
GetWindowLongW
SetWindowLongW
EnumChildWindows
LoadIconW
PeekMessageW
InsertMenuW
GetDC
ReleaseDC
PostMessageW
GetClientRect
CopyRect
GetSysColor

mfc42u

ord2440
ord1569
ord2036
ord922
ord861
ord1262
ord1258
ord1257
ord5568
ord925
ord537
ord6910
ord4667
ord3658
ord2385
ord1560
ord268
ord773
ord3621
ord2406
ord3614
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord6433
ord2506
ord641
ord692
ord656
ord5285
ord5303
ord4074
ord5296
ord3341
ord2388
ord3733
ord561
ord2613
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord2717
ord5710
ord4692
ord5298
ord815
ord1131
ord810
ord686
ord781
ord4269
ord540
ord538
ord940
ord2810
ord2910
ord800
ord6130
ord6132
ord535
ord858
ord942
ord5706
ord6218
ord6921
ord6919
ord2756
ord4155
ord6928
ord353
ord1184
ord5436
ord6379
ord5446
ord6390
ord501
ord1083
ord1165
ord1634
ord470
ord755
ord3649
ord2430
ord2858
ord1637
ord6266
ord2576
ord4215
ord2294
ord1662
ord2644
ord3133
ord4282
ord567
ord5273
ord2116
ord2438
ord5257
ord1720
ord3087
ord6195
ord3871
ord4294
ord5059
ord3744
ord6330
ord6372
ord2047
ord2640
ord4435
ord4831
ord6451
ord4803
ord5047
ord3793
ord5286
ord4347
ord6370
ord5157
ord2371
ord2377
ord5237
ord4401
ord1768
ord4073
ord4621
ord6051
ord3397
ord3592
ord324
ord4704
ord4992
ord4847
ord4370
ord5276
ord4419
ord1767
ord6048
ord5261
ord3634
ord3798
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord4395
ord3605
ord1143
ord6504
ord2099
ord2836
ord3728
ord3291
ord3298
ord3292
ord3282
ord6004
ord4120
ord3909
ord3393
ord384
ord2089
ord2857
ord3703
ord2103
ord4229
ord4124
ord2355
ord6279
ord6278
ord1594
ord3332
ord5596
ord2768
ord2854
ord2353
ord2356
ord2362
ord2359
ord2288
ord2287
ord2284
ord2283
ord2281
ord6238
ord6316
ord3088
ord6211
ord5977
ord5929
ord6733
ord6759
ord5830

msvcrt

__wgetmainargs
__CxxFrameHandler3
__argc
__wargv
memset
isprint
_wcsicmp
_ftol2_sse
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
isxdigit
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
free
_putws
memcmp
_CxxThrowException
_vsnwprintf
wcstol
memcpy
isdigit

atl

ord30

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemFree
StringFromIID
StringFromCLSID
CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SafeArrayDestroy
SafeArrayAccessData
SysAllocString
VariantInit
VariantClear
VarI4FromStr
VarBstrFromCy
SafeArrayUnaccessData
VarBstrFromDate
VarUI4FromStr
LoadTypeLibEx
SysStringByteLen
SafeArrayCreate
SafeArrayPutElement
VarDateFromStr
VariantChangeType
QueryPathOfRegTypeLi
GetRecordInfoFromTypeInfo
SysFreeString

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

815c5627374bb33f87584a2d3aec2a7e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

atl

ole32

oleaut32

Sections

.text Size: 179KB - Virtual size: 178KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 179KB - Virtual size: 178KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 580KB - Virtual size: 584KB