e8c921ab8dcd8d1d3ea22263a1dfff80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e8c921ab8dcd8d1d3ea22263a1dfff80_NeikiAnalytics.exe
Size

1.1MB
MD5

e8c921ab8dcd8d1d3ea22263a1dfff80
SHA1

dda1c4f3c15409d7f650a4682c180440e4dbb380
SHA256

b7f5b9fac2433b17b1475e044595431ead912fa8c621b521748823779550b4c6
SHA512

3bab41a6a60e50a570ca12eac054bf461076226f65460d17791db165f7eca431e2b6778af241dadcb7bda299ec374f16e19671a8f31bb83660bd12e01e6ddcf8
SSDEEP

24576:PbQ8Ev07+55OBibOmojQs74tGgPB8XZIdMEtdFQ1YN9A6vO:P8V07nUbOmYi3p8XSdMaMYN6+O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8c921ab8dcd8d1d3ea22263a1dfff80_NeikiAnalytics.exe

Files

e8c921ab8dcd8d1d3ea22263a1dfff80_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

888742b8dd20542042b35143c687bdb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vssagent.pdb

Imports

advapi32

OpenEventLogW
ReadEventLogW
CloseEventLog
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
CloseServiceHandle
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
DeregisterEventSource
RegDeleteTreeW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
OpenProcessToken

kernel32

GetSystemInfo
GlobalMemoryStatusEx
QueryDosDeviceW
CloseHandle
CreateFileW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
GetDriveTypeW
GetVolumePathNameW
GetDiskFreeSpaceExW
GetVolumeInformationW
FindVolumeClose
CopyFileW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
WriteFile
LoadLibraryExW
FindClose
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
SetConsoleCtrlHandler
GetModuleHandleW
InitializeCriticalSection
SetFilePointer
ReadFile
DeleteCriticalSection
CreateMutexW
ReleaseMutex
GetStdHandle
GetConsoleMode
SetConsoleMode
FreeLibrary
GetProcAddress
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
GetCurrentProcess
SizeofResource
LoadResource
FindResourceExW
lstrcpyW
Sleep
HeapDestroy
ReleaseSRWLockShared
InitializeSRWLock
GetCurrentThread
GetSystemTime
TlsFree
TlsGetValue
TlsAlloc
OutputDebugStringW
TlsSetValue
lstrlenW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetComputerNameExW
GetWindowsDirectoryW
GetModuleFileNameW
DeleteFileW
AcquireSRWLockShared
MultiByteToWideChar
LocalAlloc
GetTimeFormatW
GetThreadLocale
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
GetLastError
DeviceIoControl
GetNativeSystemInfo
VirtualQuery
IsWow64Process
FormatMessageW
GetCommandLineW
HeapSetInformation
GetTickCount

msvcrt

_unlock
memcpy
__dllonexit
_onexit
_lock
memcmp
_vsnprintf
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_wtoi
wcscpy_s
wcscat_s
malloc
__C_specific_handler
fflush
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
iswalnum
qsort
free
realloc
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_purecall
wcsncmp
_wcsicmp
wcschr
iswspace
_vsnwprintf
wprintf
__CxxFrameHandler3
memset
_CxxThrowException
__iob_func
_wcsnicmp
wcscmp

ole32

CoResumeClassObjects
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoRevokeClassObject

user32

CharNextW
KillTimer
SetTimer
UnregisterDeviceNotification
RegisterDeviceNotificationW
PostMessageW
FindWindowW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
UnregisterClassW
LoadStringW
CharPrevW

oleaut32

VariantClear
VarUI4FromStr
GetErrorInfo
VariantChangeType
SysAllocString
SysStringLen
SysFreeString
RegisterTypeLi
LoadTypeLi

rpcrt4

RpcStringFreeW
UuidToStringW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

PathFileExistsW

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

vssapi

CreateVssBackupComponentsInternal

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

clusapi

OpenCluster
CloseCluster

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

888742b8dd20542042b35143c687bdb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

user32

oleaut32

rpcrt4

ntdll

shlwapi

setupapi

vssapi

version

clusapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 327KB - Virtual size: 327KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 5KB - Virtual size: 140KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 327KB - Virtual size: 327KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 5KB - Virtual size: 140KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 568KB - Virtual size: 572KB