576e64ba7b1cb84e897ba9510a97d8e048eb84d495ac17ac15c95c49b368f9f4_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

576e64ba7b1cb84e897ba9510a97d8e048eb84d495ac17ac15c95c49b368f9f4_NeikiAnalytics
Size

1.2MB
MD5

5b141b7c222fdde758eabe3602c0eb70
SHA1

a875f42ca1198fa98b121c4ba339db5569d370f9
SHA256

576e64ba7b1cb84e897ba9510a97d8e048eb84d495ac17ac15c95c49b368f9f4
SHA512

3faedbd2deb3a50ee3013cfd00fee28e71015ff34916c1a8d3fd430d419c92b16e43f5a9c11f5b095a302c2aa6993c56cb699bd0ce0c8c6b124518283be3029a
SSDEEP

24576:MU/XE7SRTr/S8W/ngfBMoDrbL7rbp7SCyiSCyiSCyJYiaPKmwz/An30K4AiRi:3E7SRTWoDrbL7rbp7SCyiSCyiSCyJYi9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
576e64ba7b1cb84e897ba9510a97d8e048eb84d495ac17ac15c95c49b368f9f4_NeikiAnalytics

Files

576e64ba7b1cb84e897ba9510a97d8e048eb84d495ac17ac15c95c49b368f9f4_NeikiAnalytics
.exe windows:10 windows x86 arch:x86

6ee784c71aeda59373e4e5fa13e1caeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tracefmt.pdb

Imports

advapi32

OpenTraceW
CloseTrace
ProcessTrace
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
RegEnumKeyExW
GetLengthSid
LookupAccountSidW

kernel32

GetModuleHandleExW
GetModuleFileNameW
CompareStringOrdinal
CreateFileW
GetVersionExW
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemInfo
SetDllDirectoryW
GetDllDirectoryW
VirtualProtect
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
HeapAlloc
GetProcessHeap
VirtualQuery
GetFileSizeEx
SystemTimeToFileTime
CopyFileW
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
CompareFileTime
GetPrivateProfileStringW
GetFileTime
GetFileSize
LoadLibraryExW
LocalFree
FormatMessageW
SetLastError
DeleteCriticalSection
GetCurrentDirectoryW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetEnvironmentVariableA
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
ReadFile
GetFullPathNameW

msvcrt

_onexit
__dllonexit
memcmp
_lock
_controlfp
?terminate@@YAXXZ
_initterm
_except_handler4_common
_unlock
??1type_info@@UAE@XZ
memchr
_ftol2
strnlen
fputws
fputwc
strtok_s
sprintf_s
_splitpath_s
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
wcscpy_s
memmove_s
wcsrchr
memcpy_s
vfwprintf
_wfullpath
atoi
free
printf
_errno
fwrite
fgets
_purecall
wcstok_s
??3@YAXPAX@Z
wcstoul
strtoul
_vsnprintf
fclose
_wcsicmp
_wfsopen
_vsnwprintf
strtok
??_V@YAXPAX@Z
exit
wprintf
__CxxFrameHandler3
__iob_func
_wfopen
wcsstr
wcsspn
fgetws
wcschr
iswspace
_wtoi
wcscspn
_snwprintf_s
wcstol
swscanf
_vsnwprintf_s
strncmp
wcsnlen
vsprintf_s
fopen
vfprintf
strncpy_s
_wsplitpath_s
fprintf
_vscprintf
strcpy_s
fputs
strstr
strchr
strrchr
memset

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW

tdh

TdhLoadManifestFromBinary
TdhGetEventInformation
TdhGetEventMapInformation
TdhLoadManifest

Sections

.text
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ee784c71aeda59373e4e5fa13e1caeb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

version

ntdll

tdh

Sections

.text Size: 529KB - Virtual size: 528KB

.data Size: 104KB - Virtual size: 146KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 116B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 529KB - Virtual size: 528KB

.data
Size: 104KB - Virtual size: 146KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 116B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 596KB - Virtual size: 600KB