7f0bfaa8bed13663b7e450b9b521d760_NeikiAnalytics[.]exe

General

Target

7f0bfaa8bed13663b7e450b9b521d760_NeikiAnalytics.exe
Size

376KB
MD5

7f0bfaa8bed13663b7e450b9b521d760
SHA1

af2e9a02b0d66cbf6000b59051ee6b5f6a61faad
SHA256

5f4c10b9ad075118b7fb76e46e65b2437a22da82e497ce5c2fbbbd2d91716792
SHA512

6f81d84dc8c3f25963f43629da5bf7d22cf873931af7628e89bd0bfd8366d6c9afd30bf197229ab577a7dbe7b50858c3176155a9ef00afd1250fd01a77887bde
SSDEEP

6144:C53ed/ctZ68m4krW63XaTdPGlt5rZm4CcSF8Emr7jpJrhgqqDL6GGHrIr0x9:ChocT68th63XkVGlnZscSF8EKdJrLqnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f0bfaa8bed13663b7e450b9b521d760_NeikiAnalytics.exe

Files

7f0bfaa8bed13663b7e450b9b521d760_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

6260d2c56a9c193160f2f217575b2ab4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

libplc4

libVersionPoint

libplds4

PL_HashTableRemove
PL_HashString
PL_NewHashTable
PL_HashTableAdd
PL_HashTableLookup
PL_InitArenaPool
PL_ArenaAllocate
PL_FinishArenaPool
PL_FreeArenaPool
PL_ArenaGrow
PL_CompareStrings
PL_ArenaRelease

libnspr4

PR_Close
PR_Sleep
PR_AtomicIncrement
PR_AtomicDecrement
PR_SetError
PR_CallOnce
PR_Calloc
PR_Realloc
PR_Malloc
PR_EnterMonitor
PR_Notify
PR_Wait
PR_ExitMonitor
PR_UnloadLibrary
PR_NewMonitor
LL_Zero
PR_Unlock
PR_LoadLibrary
PR_FindSymbol
PR_NewLock
PR_Lock
PR_DestroyLock
PR_GetError
PR_Now
PR_smprintf
PR_Free
PR_Read
PR_Open
PR_GetOpenFileInfo
PR_Write

msvcrt

fopen
_getpid
_lseek
_strdup
_getch
_fileno
_close
_read
_stat
_unlink
_open
_controlfp
__set_app_type
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
__p___initenv
_initterm
_exit
__p___mb_cur_max
_XcptFilter
memmove
_get_osfhandle
__p__pctype
_findfirst
_findnext
remove
time
_findclose
rand
abort
free
calloc
tolower
fread
printf
fgets
fflush
fprintf
_iob
strncpy
getenv
exit
malloc
strncmp
_isctype
sprintf
_errno
fclose
_write

kernel32

GetCurrentProcessId
FlushFileBuffers
GetSystemDirectoryA
GlobalMemoryStatus
GetLogicalDrives
GetComputerNameA
GetCurrentProcess
GetVolumeInformationA
GetDiskFreeSpaceA
QueryPerformanceCounter
GetTickCount

Exports

Exports

dbopen
mktemp
sec_port_ucs2_utf8_conversion_function
sec_port_ucs4_utf8_conversion_function

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6260d2c56a9c193160f2f217575b2ab4

Headers

File Characteristics

Imports

libplc4

libplds4

libnspr4

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 40KB - Virtual size: 59KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 40KB - Virtual size: 59KB