13a30c249688399ee9fda3697b02cef0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

13a30c249688399ee9fda3697b02cef0_NeikiAnalytics.exe
Size

729KB
MD5

13a30c249688399ee9fda3697b02cef0
SHA1

1a7413c28342f5c785e38f825ec823e71e12169e
SHA256

9b70fbb8efa1ca46fd66da1c2f53307d31d4b7095d948246f167bbc5d11bf20d
SHA512

451c0c73d898370872bad56f056bb97cb928a97e27c6fb2592d92feb64ab473ecf323575443ce777f91fe5f4a6133d64b6d6bd5d353e7e56bca8315ed2fa4c71
SSDEEP

12288:ww98N9ktzpgwud8CzbYGYfc3eVhqVgkLvgGTD6pWCqPqtPdYwvGHzS07gctYBORt:ON6tzKZoGYfhHrkt36cJq71WjtsOR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
13a30c249688399ee9fda3697b02cef0_NeikiAnalytics.exe

Files

13a30c249688399ee9fda3697b02cef0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

b88724465e5300ab482945b2e7ba1c34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BA\163\b\release\x64\Conduit.Broker.Host.pdb

Imports

oleaut32

SysFreeString
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserUnmarshal64
BSTR_UserFree
SysAllocString

kernel32

MultiByteToWideChar
FreeLibrary
GetConsoleScreenBufferInfoEx
WriteFile
GetFileSize
SetFilePointer
ReadFile
GetStdHandle
GetFileType
SetConsoleTextAttribute
FlushFileBuffers
WriteConsoleW
DecodePointer
DeleteCriticalSection
GetModuleHandleExW
WideCharToMultiByte
CompareStringOrdinal
InitOnceInitialize
InitOnceExecuteOnce
OutputDebugStringW
CloseHandle
GetCurrentProcess
GetModuleFileNameW
SetLastError
GetEnvironmentVariableW
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetLastError
LoadLibraryExW
GetCommandLineW
Sleep
IsDebuggerPresent
GetCurrentProcessId
__C_specific_handler
TlsSetValue
VirtualQuery
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
SleepEx
VirtualProtect
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
FormatMessageW
RtlPcToFileHeader
EncodePointer
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
SetEvent

rpcrt4

Ndr64AsyncClientCall
RpcBindingToStringBindingW
RpcExceptionFilter
NdrServerCallAll
RpcStringBindingParseW
RpcStringFreeW
NdrClientCall3
UuidCreate
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcObjectSetType
RpcServerUseProtseqEpW
RpcBindingInqObject
RpcErrorEndEnumeration
RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcBindingCreateW
RpcBindingFree
RpcBindingBind
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
NdrServerCall2

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_cexit
__p___argv
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
abort
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
_errno
_c_exit
__p___argc

api-ms-win-crt-string-l1-1-0

_wcsnicmp
_wcsdup
_stricmp
wcsnlen
wmemcpy_s
wcscspn
wcsncmp
iswspace
_wcsicmp
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-locale-l1-1-0

__pctype_func
___lc_locale_name_func
setlocale
_lock_locales
___mb_cur_max_func
_unlock_locales
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b88724465e5300ab482945b2e7ba1c34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

kernel32

rpcrt4

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 16B

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 16B

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB