64e0891bf5ef02e93d7fe864cc74b0e0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

64e0891bf5ef02e93d7fe864cc74b0e0_NeikiAnalytics.exe
Size

1.7MB
MD5

64e0891bf5ef02e93d7fe864cc74b0e0
SHA1

f685c74f1e7ee5f0b07a096b1b8f25aa0d556797
SHA256

412e3e8d64e0862ece71a27bbaeb1feaffb22c5d6fe4edb3becaf86d643803d5
SHA512

a3adb1ba68bd3d3c023249a3ca77c4a100f3507e0e0ed5f9bef4e504b0d19d609207f926b73468b95c0ab86692241cfd40beaee9876cc3f72ee6c6b039fc76f1
SSDEEP

49152:fpjbqw/7C3EtIqDocLNiXicJFFRGNzj3:hG3EKc7wRGpj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e0891bf5ef02e93d7fe864cc74b0e0_NeikiAnalytics.exe

Files

64e0891bf5ef02e93d7fe864cc74b0e0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

b0eaddcca0d7d7bb5e1a9ae5d4025d5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\workspace\wsg-cit\ABI-Integration\Killer_Release_3.1\src\Build\Release\Bin\x64\KNDBWM.pdb

Imports

kernel32

PeekNamedPipe
CreateFileW
GetGeoInfoEx
GetUserDefaultGeoName
GetSystemPowerStatus
GetModuleHandleW
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
LocalAlloc
TerminateProcess
OpenMutexW
GetCurrentProcess
GetTimeZoneInformation
SetThreadInformation
SetProcessInformation
GetModuleFileNameW
CreatePipe
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetTempPathA
Process32NextW
FileTimeToSystemTime
GetCurrentThread
Process32FirstW
FileTimeToLocalFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetExitCodeProcess
MultiByteToWideChar
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
UnlockFile
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
DeleteFileA
CreateFileA
GetFileAttributesA
CopyFileA
SetFilePointer
LockFile
WriteFile
ReadFile
SetEvent
GetCurrentThreadId
SystemTimeToFileTime
LocalFree
FormatMessageW
GetComputerNameA
QueryPerformanceCounter
GetLocalTime
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
CreateThread
WTSGetActiveConsoleSessionId
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
CloseHandle
GetCurrentProcessId
GetTickCount64
Sleep
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetEnvironmentStringsW
HeapFree
RtlUnwind
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetProcAddress
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
GetStringTypeW
TryEnterCriticalSection

user32

PostQuitMessage
LoadCursorW
DispatchMessageW
EnumWindows
GetWindowTextW
GetMessageW
LoadIconW
TranslateMessage
RegisterSuspendResumeNotification
CreateWindowExW
ShowWindow
DefWindowProcW
SendMessageW
UnregisterSuspendResumeNotification
UpdateWindow
PostThreadMessageW
RegisterClassExW

gdi32

CreateSolidBrush

advapi32

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyValueW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW

shell32

SHGetFolderPathW

ole32

CoUninitialize
OleRun
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoReleaseServerProcess
StringFromGUID2
CoAddRefServerProcess
CLSIDFromString

oleaut32

VariantClear
GetErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayDestroy
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayLock

shlwapi

PathFindFileNameW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpInterfaceEntry
InitializeIpInterfaceEntry
GetIfTable
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
Icmp6SendEcho2
Icmp6CreateFile

ws2_32

WSAStartup
WSACleanup
freeaddrinfo
inet_addr
InetNtopW
getaddrinfo

pdh

PdhAddCounterW
PdhRemoveCounter
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryW

rpcrt4

UuidToStringA
RpcStringFreeA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSFreeMemory

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlIpv6AddressToStringW
RtlLookupFunctionEntry

wlanapi

WlanOpenHandle
WlanRegisterNotification
WlanFreeMemory
WlanQueryInterface
WlanCloseHandle

Sections

.text
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0eaddcca0d7d7bb5e1a9ae5d4025d5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

ws2_32

pdh

rpcrt4

userenv

wtsapi32

ntdll

wlanapi

Sections

.text Size: 820KB - Virtual size: 820KB

.rdata Size: 329KB - Virtual size: 328KB

.data Size: 16KB - Virtual size: 293KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 820KB - Virtual size: 820KB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 16KB - Virtual size: 293KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB