19a96186aa64a787eb52acefab1197e0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

19a96186aa64a787eb52acefab1197e0_NeikiAnalytics.exe
Size

983KB
MD5

19a96186aa64a787eb52acefab1197e0
SHA1

0df65ce814a000734dbd0f0873edaf6e2e5a1080
SHA256

beb329cfbaa71a5e4513e8ab58d9a701797513580b38ee73323d409d0a3cb616
SHA512

921daaca896be80a031ce10d730499840c890ce140961fd680f09aebaec9fb8acb16faf32e0db0d43a2f2b1397bb40c045b8f8ad72d40eab4dc3d9ff82a18e14
SSDEEP

24576:umoehGLw6eqoEGM0lKRrclWAAV4MpCN+9b:VX2GM0ljhM49c9b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a96186aa64a787eb52acefab1197e0_NeikiAnalytics.exe

Files

19a96186aa64a787eb52acefab1197e0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

668f9b7c10a2a9031ab006d392c53c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FormatMessageW
GetCurrentThread
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
WaitNamedPipeW
PeekNamedPipe
ReadFile
GetTickCount64
CreateDirectoryW
OpenEventW
GetSystemWindowsDirectoryW
GetLocaleInfoW
SetEndOfFile
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
FlushFileBuffers
GetLocaleInfoA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
SetEvent
ExpandEnvironmentStringsA
WaitForMultipleObjects
FormatMessageA
SleepEx
VerSetConditionMask
VerifyVersionInfoA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeA
EnumSystemLocalesA
HeapReAlloc
HeapCreate
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetACP
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateEventW
GetSystemTimeAsFileTime
Sleep
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
FindClose
TerminateProcess
MoveFileW
DeleteFileW
SetFileAttributesW
GetModuleHandleW
ReleaseMutex
CreateMutexA
GetVersionExW
LocalFree
LocalAlloc
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
FreeLibrary
GetOEMCP
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
CreateFileA
SetLastError
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ResumeThread
SuspendThread
ExitThread
CreateThread
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
VirtualProtect
LoadLibraryW
GetProcAddress
GetTickCount
WaitForSingleObjectEx
GetFileType
TerminateThread
GetCurrentProcess
GetFileInformationByHandle

user32

IsWindow
DestroyWindow
GetWindowRect
ClientToScreen
SetCursorPos
GetClientRect
GetClassNameW
SetWindowPos
GetClassInfoW
LoadIconW
LoadCursorW
KillTimer
CreateWindowExW
GetPropW
SetPropW
BeginPaint
EndPaint
PostQuitMessage
ShowWindow
GetMessageW
SendMessageW
SetTimer
DefWindowProcW
PostMessageW
EnumChildWindows
UpdateWindow
DispatchMessageW
GetMenuStringW
GetMenuItemID
FindWindowW
wsprintfW
GetMenuItemCount
RegisterClassW
SetFocus
TranslateMessage

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegFlushKey
RegSetValueExW
RegCreateKeyExW
GetUserNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext

shell32

SHGetSpecialFolderPathW

ws2_32

ntohl
inet_ntoa
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
htonl
WSACleanup
WSAGetLastError
WSAStartup
connect
recv
send
closesocket
sendto
recvfrom
socket
setsockopt
inet_addr
htons
bind
getpeername
getsockopt
ntohs
getsockname
WSAIoctl
select
__WSAFDIsSet
WSASetLastError

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

wldap32

ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

668f9b7c10a2a9031ab006d392c53c7d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

iphlpapi

wininet

wldap32

rpcrt4

Sections

.text Size: 794KB - Virtual size: 793KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 10KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 794KB - Virtual size: 793KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 10KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 46KB - Virtual size: 45KB