e7c82bf195a7240d8489ddebc6d74c00_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e7c82bf195a7240d8489ddebc6d74c00_NeikiAnalytics.exe
Size

6.5MB
MD5

e7c82bf195a7240d8489ddebc6d74c00
SHA1

45cd49e1073ce6ddcb7e4dd2a43b33bd790a706c
SHA256

c3687b8032b8d2fec7e5c884b97306745d9990a49b02e44bc0a0ee78b4df32ef
SHA512

be330c64c6d2f9fddb807d80f6ccd1e5afa24203b5b841e147942c9158dcf62e47a5b135bcf0b8fb5fa59184a6f333cd33218e9e0b2de441522413587b787a28
SSDEEP

49152:BGtlq8FVwASOwpIU6iKTwjYpZryR5hT466x+l7zI6/6IssN8r0ws84e+JJlqo17l:vO+LYb/M/Lw9Wt6ADD4nlrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7c82bf195a7240d8489ddebc6d74c00_NeikiAnalytics.exe

Files

e7c82bf195a7240d8489ddebc6d74c00_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

0980e08c6136b70ba11b7a438685d9a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Project\Olympus\Bin\Project3.pdb

Imports

ws2_32

WSACloseEvent
WSACreateEvent
setsockopt
ioctlsocket
freeaddrinfo
WSAEnumNetworkEvents
WSARecvFrom
htonl
connect
ntohs
socket
WSAEventSelect
send
WSAResetEvent
WSAWaitForMultipleEvents
shutdown
recv
getpeername
getsockopt
WSASetLastError
WSAIoctl
accept
listen
recvfrom
sendto
gethostname
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
getsockname
getaddrinfo
getservbyport
getservbyname
htons
WSASendTo
WSACleanup
WSAStartup
__WSAFDIsSet
bind
closesocket
select
ntohl
WSAGetLastError

winmm

timeBeginPeriod
timeGetTime

d3d9

Direct3DCreate9

normaliz

IdnToAscii

wldap32

ord211
ord60
ord45
ord50
ord41
ord22
ord217
ord27
ord32
ord33
ord35
ord30
ord200
ord301
ord143
ord79
ord46
ord26

crypt32

CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

advapi32

ConvertSidToStringSidA
OpenProcessToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CopySid
SetSecurityInfo
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
AddAccessAllowedAce
GetLengthSid
InitializeAcl
IsValidSid
GetTokenInformation

kernel32

ExitThread
FreeLibraryAndExitThread
HeapValidate
WriteConsoleW
DuplicateHandle
CreateProcessW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetConsoleTitleA
GetCurrentProcess
GetProcessAffinityMask
GetModuleHandleA
Sleep
CloseHandle
GetConsoleWindow
SetUnhandledExceptionFilter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
VerSetConditionMask
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
GetLastError
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
FileTimeToSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetEnvironmentVariableW
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetACP
RtlVirtualUnwind
GetCurrentProcessId
LoadLibraryW
GetConsoleMode
SetConsoleMode
ExitProcess
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
CreateFileW
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
QueryFullProcessImageNameW
LocalFree
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
MoveFileExW
GetTempPathW
GetFullPathNameW
GetCurrentDirectoryW
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
TryAcquireSRWLockExclusive
SetFilePointerEx
SetConsoleCtrlHandler
VirtualQuery
SetEnvironmentVariableW
DeleteFileW
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapQueryInformation
WaitForSingleObject
GetExitCodeProcess
FlushFileBuffers
RtlPcToFileHeader
RtlUnwindEx
RaiseException
OutputDebugStringW
InitializeSListHead
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
ReadConsoleA
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetTimeZoneInformation
CreatePipe
SetStdHandle
SetEndOfFile
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
GetCurrentThreadId
FreeEnvironmentStringsW
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer

user32

GetProcessWindowStation
GetWindowLongW
AdjustWindowRectEx
GetKeyState
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
TrackMouseEvent
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
LoadCursorW
GetUserObjectInformationW
SetCursor
SetWindowLongW
MessageBoxW
IsWindowUnicode
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
GetForegroundWindow
TranslateMessage
PostQuitMessage
GetWindowTextW
MessageBoxA
GetClientRect
SetCapture
UpdateWindow

gdi32

GetDeviceCaps

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0980e08c6136b70ba11b7a438685d9a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

d3d9

normaliz

wldap32

crypt32

advapi32

kernel32

user32

gdi32

shell32

ole32

imm32

rpcrt4

psapi

userenv

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 29KB - Virtual size: 62KB

.pdata Size: 186KB - Virtual size: 186KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 29KB - Virtual size: 62KB

.pdata
Size: 186KB - Virtual size: 186KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 40KB - Virtual size: 40KB