df18d9982489748bc0193c77d8ce2f90_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

df18d9982489748bc0193c77d8ce2f90_NeikiAnalytics.exe
Size

707KB
MD5

df18d9982489748bc0193c77d8ce2f90
SHA1

a780cc444e03648a6cd4745327841687c7e71148
SHA256

2c3a3396bb2adf5e06b09d092cbe3307114b21ae1a8fbfa09f47495113a40048
SHA512

80028f394c8256a1b402ce5ffa12fce40c4191fea3b36aa542651de417fcda3520df87c3f98ed09922971a6fbf876670e6535eee0930a501308cd0480ced849f
SSDEEP

12288:idZvsOvbn3dTIBDjPsNOSowuyQrmL3TNdI9/MSjVGAzjcffshMKwOoPlqaZ9u4+s:idZ/vbntTIBDClifPquMS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df18d9982489748bc0193c77d8ce2f90_NeikiAnalytics.exe

Files

df18d9982489748bc0193c77d8ce2f90_NeikiAnalytics.exe
.exe windows:1 windows x86 arch:x86

519dd05a2a7b4944a510d57f22a4d77e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

pcre3

pcre_compile
pcre_exec

pthreadgc2

pthread_rwlock_wrlock
pthread_rwlock_rdlock
pthread_rwlock_unlock
pthread_rwlock_init
pthread_rwlock_destroy
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_setcancelstate
pthread_setcanceltype
ptw32_push_cleanup
ptw32_pop_cleanup
pthread_testcancel
pthread_cancel
pthread_join
pthread_attr_destroy
sched_getscheduler
pthread_create
pthread_attr_getschedpolicy
pthread_attr_setschedpolicy
pthread_attr_getstacksize
pthread_attr_setstacksize
pthread_detach
pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutex_init
pthread_mutexattr_destroy

sqlite3

sqlite3_prepare_v2
sqlite3_finalize
sqlite3_open_v2
sqlite3_step
sqlite3_errmsg
sqlite3_reset
sqlite3_clear_bindings
sqlite3_bind_parameter_count
sqlite3_bind_parameter_name
sqlite3_bind_parameter_index
sqlite3_column_decltype
sqlite3_column_int
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_double
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_blob
sqlite3_column_type
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_blob
sqlite3_column_count
sqlite3_column_name
sqlite3_column_double
sqlite3_close

kernel32

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
TzSpecificLocalTimeToSystemTime
SetFilePointerEx
GetStringTypeW
LCMapStringW
VirtualAlloc
VirtualFree
RaiseException
WriteConsoleA
GetCPInfo
GetOEMCP
GetACP
GlobalAlloc
GetFileType
SetUnhandledExceptionFilter
GetExitCodeProcess
FileTimeToDosDateTime
RtlUnwind
GetTickCount
ReleaseSemaphore
CreateSemaphoreA
ExitProcess
UnhandledExceptionFilter
GetLocalTime
Sleep
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentVariableA
SetHandleCount
GetFileAttributesA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVersion
GetCommandLineA
QueryPerformanceCounter
QueryPerformanceFrequency
FindFirstFileA
FindNextFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetConsoleTextAttribute
SetConsoleCursorInfo
GetConsoleCursorInfo
GetConsoleTitleA
GetConsoleMode
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
SetConsoleCursorPosition
GetCurrentThread
GetPriorityClass
SetPriorityClass
GetThreadPriority
SetThreadPriority
GlobalFree
GetProfileStringA
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesExA
SetFileAttributesA
SetFileTime
FlushFileBuffers
DeleteFileA
MoveFileExA
ReadFile
WriteFile
CopyFileA
CreateFileA
SetFilePointer
FormatMessageA
SetConsoleCtrlHandler
GetStdHandle
GetCurrentProcess
DuplicateHandle
CreateProcessA
WaitForSingleObject
GetLastError
CloseHandle
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
gethostbyname

comdlg32

PrintDlgA

gdi32

DeleteObject
DeleteDC
CreateDCA
StartDocA
StartPage
TextOutA
EndPage
EndDoc
SetMapMode
GetDeviceCaps
CreateFontA
GetTextMetricsA

user32

MessageBoxA

Sections

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT$XIA
Size: 114KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 28B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

519dd05a2a7b4944a510d57f22a4d77e

Headers

File Characteristics

Imports

pcre3

pthreadgc2

sqlite3

kernel32

ws2_32

comdlg32

gdi32

user32

Sections

.idata Size: 5KB - Virtual size: 5KB

_TEXT Size: 562KB - Virtual size: 562KB

.CRT$XIA Size: 114KB - Virtual size: 136KB

.reloc Size: 24KB - Virtual size: 24KB

.debug Size: 28B - Virtual size: 512B

.idata
Size: 5KB - Virtual size: 5KB

_TEXT
Size: 562KB - Virtual size: 562KB

.CRT$XIA
Size: 114KB - Virtual size: 136KB

.reloc
Size: 24KB - Virtual size: 24KB

.debug
Size: 28B - Virtual size: 512B