50aa78087ff087b01afb1bcda6cf6a10_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

50aa78087ff087b01afb1bcda6cf6a10_NeikiAnalytics.exe
Size

27KB
MD5

50aa78087ff087b01afb1bcda6cf6a10
SHA1

41572c6910394a69a3aa3be962256801742225a3
SHA256

11561ff6e0ec16a264095276be8b72170a72fd5308909309903ec9585c676222
SHA512

bc1b9e7e2dba23f0215022e357c332da3275a5ae5d64a7ba51341c691488eb019c6689c54877ed38e5b6f704cb03220042130b162660bb98bfff14ac47d3690a
SSDEEP

768:cAwgslYhP/PBTlx5QGPL4vzZq2o9W7GsxBbPr:cA+IbxuGCq2iW7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
50aa78087ff087b01afb1bcda6cf6a10_NeikiAnalytics.exe

Files

50aa78087ff087b01afb1bcda6cf6a10_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

5388c597fb079d0ace0feb8e7aeebc8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\projects\libusb-win32-stage\ddk_make\output\i386\testlibusb.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_snprintf
printf

libusb0

usb_set_debug
usb_find_busses
usb_find_devices
usb_get_busses
usb_open
usb_get_string_simple
usb_close
usb_init

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

VPJ��u(
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE