530667d9de08be433b47190056b2fa00_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

530667d9de08be433b47190056b2fa00_NeikiAnalytics.exe
Size

1.1MB
MD5

530667d9de08be433b47190056b2fa00
SHA1

d69f999877b3f9c67698005a6bc717ebf6805e79
SHA256

78c4d868e8aa000bace5bf007f453e5703e4992bcf5c6e68cfc133beed76ce4e
SHA512

7e7ade1338981480fb019b7b9b7eb7add0c5cfa70d0a03a216dd228f52e17cf4025bc21c63a4112cb58c62e6be41b3af38729fe54f4db271e0c39e86c6155068
SSDEEP

24576:3QAV/PWZkrXAPEBELY19hHWN5aIbRy71gQ:jdPWgxB4Y19h2PaIbu1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
530667d9de08be433b47190056b2fa00_NeikiAnalytics.exe

Files

530667d9de08be433b47190056b2fa00_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

f47efa773c6473987682ec8b67a86b97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

AllocConsole
Beep
CloseHandle
CompareFileTime
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FreeConsole
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalFileTimeToFileTime
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringA
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
RtlUnwind
SearchPathA
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTitleA
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WriteProfileStringA
lstrcatA
lstrcpyA
lstrlenA

winspool.drv

ClosePrinter
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
SetPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

user32

CallNextHookEx
CloseClipboard
EmptyClipboard
EnumThreadWindows
GetClipboardData
GetKeyState
GetKeyboardState
GetSystemMetrics
IsClipboardFormatAvailable
MessageBoxA
OpenClipboard
PeekMessageA
SendMessageA
SendMessageTimeoutA
SetClipboardData
SetKeyboardState
SetWindowsHookExA
UnhookWindowsHookEx
WaitMessage
wsprintfA

ole32

OleInitialize
OleUninitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 729KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f47efa773c6473987682ec8b67a86b97

Headers

File Characteristics

Imports

advapi32

kernel32

winspool.drv

user32

ole32

Exports

Exports

Sections

.text Size: 729KB - Virtual size: 732KB

.data Size: 388KB - Virtual size: 460KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 729KB - Virtual size: 732KB

.data
Size: 388KB - Virtual size: 460KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 32KB