signtool.pdb
Static task
static1
General
-
Target
b0a25eb75fe9e1fe396d9bffac164240_NeikiAnalytics.exe
-
Size
1.6MB
-
MD5
b0a25eb75fe9e1fe396d9bffac164240
-
SHA1
f09df5465b52707ef815755580b4c021786477e9
-
SHA256
cce9cd6f5d9876dad76c7bfe69aab319aa1d9bcac4863c4300f08baecedb6a37
-
SHA512
c58e62713b879680a615703da5678a099de6c48c685eed27b355dfd67bf5ae7d8bb96e34a953cffb9b40851c0525f13901e31804e96d210f85c63dc3fd8780f9
-
SSDEEP
24576:1gPZLsoYUmEP8ROGkZk9MUoIr5HlMP6OQ:KZLsoLPekZiMvIViyOQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: none was found in the PE listed below.
resource b0a25eb75fe9e1fe396d9bffac164240_NeikiAnalytics.exe
Files
-
b0a25eb75fe9e1fe396d9bffac164240_NeikiAnalytics.exe.exe windows:10 windows x64 arch:x64
848904a7d84e584b186ab3cbc3208966
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
CryptDestroyKey
CryptReleaseContext
CryptSetHashParam
CryptCreateHash
CryptDestroyHash
CryptAcquireContextW
CryptEnumProvidersW
CryptGetUserKey
CryptSignHashA
kernel32
EnterCriticalSection
InitializeCriticalSection
DecodePointer
DeleteCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetDateFormatEx
GetTimeFormatEx
LeaveCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
OutputDebugStringW
GetVersionExA
ExpandEnvironmentStringsW
GetFileType
GetModuleHandleA
HeapSetInformation
LocalAlloc
EnumResourceNamesW
EnumResourceLanguagesW
LockResource
LoadResource
SizeofResource
FindResourceExW
GetFileInformationByHandle
GetEnvironmentVariableW
LoadLibraryW
MapViewOfFile
CreateFileMappingA
GetFileSize
GetSystemInfo
UnmapViewOfFile
LocalFree
CreateFileW
Wow64RevertWow64FsRedirection
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapAlloc
GetCurrentThreadId
FormatMessageW
FreeLibrary
LoadLibraryA
FindNextFileW
GetFullPathNameW
FindFirstFileW
GetLastError
GetProcessHeap
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
WriteFile
EncodePointer
mfc42
ord6890
ord6891
msvcrt
isupper
setlocale
malloc
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
___mb_cur_max_func
fputc
__uncaught_exception
strerror
__mb_cur_max
memset
memmove
memcpy
ungetwc
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fgetpos
fgetc
abort
__crtLCMapStringA
_CxxThrowException
_wsetlocale
_purecall
puts
_time64
realloc
strchr
swscanf
_wtoi
qsort_s
exit
wcsrchr
_mktime64
towlower
_exit
_cexit
_initterm
_XcptFilter
??4exception@@QEAAAEAV0@AEBV0@@Z
_amsg_exit
__wgetmainargs
__set_app_type
memchr
_onexit
calloc
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
___lc_collate_cp_func
__crtCompareStringW
memcmp
__iob_func
islower
fclose
fseek
wcsncmp
fflush
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_wfopen
_wcsnicmp
towupper
iswdigit
iswalpha
fgetwc
wprintf
fwprintf
wcsstr
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??_V@YAXPEAX@Z
strcspn
localeconv
memmove_s
sprintf_s
_wcsicmp
putchar
_wctime64
mktime
fputwc
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
__setusermatherr
strcmp
ntdll
RtlCaptureContext
RtlWow64EnableFsRedirectionEx
RtlAllocateHeap
RtlFreeHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
crypt32
CertFindAttribute
CertGetEnhancedKeyUsage
CryptMsgClose
CertCreateCertificateContext
CertCompareCertificate
CryptMsgControl
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CryptEncodeObjectEx
CertGetCertificateContextProperty
CryptQueryObject
CertAddCertificateContextToStore
CertOpenStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CertFindRDNAttr
CryptDecodeObject
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptMsgOpenToDecode
CryptMsgUpdate
CryptExportPublicKeyInfoEx
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFindExtension
CertGetValidUsages
CertGetCertificateChain
CryptHashCertificate2
CertSetCertificateContextProperty
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW
CertControlStore
PFXImportCertStore
CertFindCertificateInStore
CertAddStoreToCollection
CryptMsgOpenToEncode
CertComparePublicKeyInfo
CryptMsgGetParam
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CryptDecodeObjectEx
CryptSIPRetrieveSubjectGuid
CryptSIPLoad
CryptFindOIDInfo
CryptMemFree
user32
LoadStringW
ole32
CoTaskMemAlloc
CoTaskMemFree
oleaut32
SysFreeString
GetErrorInfo
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
shlwapi
SHCreateStreamOnFileW
bcrypt
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptCreateHash
ncrypt
NCryptSignHash
xmllite
CreateXmlWriter
mssign32
SignerSign
SignerTimeStamp
SignerFreeSignerContext
Sections
.text Size: 264KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE