d52542c35ff212d1fdd7ffc8cc7a5050_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d52542c35ff212d1fdd7ffc8cc7a5050_NeikiAnalytics.exe
Size

548KB
MD5

d52542c35ff212d1fdd7ffc8cc7a5050
SHA1

cf13352a2ffb85699c8a8ad8fec2014ceccf2308
SHA256

79637ee1ec3bf6226e26b1bc28704f525fb5f81700efa6ea221c10f84ee0d7da
SHA512

06e5ef86b84c509613acc2e2be375edd00f93d62a6968f318dbc1a523d0dd9029d7a7de4be59a9ee6fbf1f33938dd9db33b98e513d64a4fa917c7a16a07fbdc2
SSDEEP

12288:QaVM6ggR5xz15l92o571zmsvAYkRJ16l6xg8YWIXeAY7Y5iQqn6cnx:QaVM6ggR5xx5hfvVYv6lp8YWqevY5L+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d52542c35ff212d1fdd7ffc8cc7a5050_NeikiAnalytics.exe

Files

d52542c35ff212d1fdd7ffc8cc7a5050_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

f75beacd98cb0f18bdc531fd28788c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSASocketW
setsockopt
closesocket

kernel32

FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
RaiseException
GetCurrentThread
GetSystemTimeAsFileTime
SetFilePointer
SetEndOfFile
CreateProcessW
GetModuleHandleW
VirtualFree
IsBadReadPtr
WriteFile
WideCharToMultiByte
VirtualFreeEx
LoadLibraryW
TerminateThread
ReadProcessMemory
IsBadWritePtr
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
CloseHandle
WriteProcessMemory
ResumeThread
MapViewOfFile
UnmapViewOfFile
GetTickCount
CreateFileMappingW
GetTempFileNameW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
CreateEventA
GetEnvironmentStringsW
GetWindowsDirectoryW
DeleteFileW
HeapAlloc
HeapFree
GetProcessHeap
GetFileSize
FlushFileBuffers
CreateFileA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
InterlockedCompareExchange
SetEvent
ConnectNamedPipe
CreateNamedPipeW
InitializeCriticalSection
LeaveCriticalSection
DisconnectNamedPipe
BindIoCompletionCallback
EnterCriticalSection
ResetEvent
CreateEventW
CancelIo
DeleteCriticalSection
ExitProcess
GetSystemDirectoryW
Sleep
GetFileAttributesW
OpenEventW
GetCurrentProcessId
CreateThread
GetCommandLineW
GetCurrentDirectoryW
GetVersion
TlsGetValue
VirtualQuery
SleepEx
TlsSetValue
GetSystemInfo
GetCurrentThreadId
TlsAlloc
TlsFree
MoveFileW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
GetTempPathW
SetNamedPipeHandleState
IsProcessorFeaturePresent
GetStdHandle
DecodePointer
HeapReAlloc
EncodePointer
HeapSize
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
SetLastError
InitializeCriticalSectionAndSpinCount

advapi32

FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorGroup
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
GetLengthSid

user32

GetForegroundWindow

shell32

ord680
ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f75beacd98cb0f18bdc531fd28788c13

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

user32

shell32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 346KB - Virtual size: 345KB

.data Size: 5KB - Virtual size: 15KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 346KB - Virtual size: 345KB

.data
Size: 5KB - Virtual size: 15KB

.reloc
Size: 10KB - Virtual size: 9KB