abbe50a6ae1ee84dd0ee1b7c6dff6cc0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

abbe50a6ae1ee84dd0ee1b7c6dff6cc0_NeikiAnalytics.exe
Size

608KB
MD5

abbe50a6ae1ee84dd0ee1b7c6dff6cc0
SHA1

859adb54cbfb84cd8d619f33505fe33c1168eeb4
SHA256

145fa06bf33c9b664aa5ab7415861421e5abff323b572a45b620a95b07a3d782
SHA512

9f290bec5c1954422f4686c82eb990fabc460f3480484942b90666b3457cdad59b0a1a8f02abd3357fcdd9f6747597f952efb5d7cabb3d0a6de1d487e597f30f
SSDEEP

12288:GeeSMIO74u8k7UtnzPgGeB0dPoIlaNyF/ofCVGGfX134R9kMKy:pet/HU9zPjeidP1Yi/dGyA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
abbe50a6ae1ee84dd0ee1b7c6dff6cc0_NeikiAnalytics.exe

Files

abbe50a6ae1ee84dd0ee1b7c6dff6cc0_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

414c8fd5b5f6c45233b623dbc26b0b63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\a01\_work\39\s\\binaries\x86ret\bin\i386\ErrLook.pdb

Imports

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

kernel32

GlobalUnlock
FreeLibrary
GetFileAttributesW
GetUserDefaultUILanguage
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
FormatMessageW
LoadLibraryW
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
GlobalLock
GetCurrentThreadId
CloseHandle
InitializeCriticalSectionAndSpinCount
CreateEventW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
OutputDebugStringW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__current_exception
__current_exception_context
memset
_except_handler4_common
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-string-l1-1-0

wcstok_s
iswxdigit
iswdigit
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
terminate
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

mfc140u

ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord6129
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord6549
ord1002
ord1133
ord12526
ord7654
ord6495
ord10250
ord8210
ord5781
ord12887
ord9990
ord9525
ord286
ord5109
ord8464
ord2383
ord928
ord1412
ord13963
ord8048
ord4815
ord10379
ord7653
ord995
ord1472
ord2246
ord5117
ord12559
ord2304
ord4589
ord6804
ord6860
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord4997
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord2990
ord12884
ord14417
ord14411
ord8360
ord458
ord1111
ord7493
ord2215
ord3697
ord10472
ord2750
ord4885
ord4092
ord3833
ord9468
ord890
ord1391
ord11038
ord7820
ord2303
ord13544
ord1523
ord2256
ord280
ord2335
ord1066
ord1179
ord6531
ord9210
ord12172
ord2760
ord13752
ord6218
ord3164
ord3403
ord3404
ord11396
ord12131
ord11015
ord9040
ord1653
ord2996
ord8756
ord12641
ord4219
ord3145
ord9126
ord6490
ord2753
ord14573
ord3874
ord2994
ord8745
ord4224
ord3189
ord9131
ord6588
ord14507
ord4477
ord7027
ord2409
ord5013
ord3302
ord3305
ord13756
ord6220
ord14137
ord296
ord5653
ord8157
ord4886
ord9513
ord1374
ord853
ord1045
ord4323
ord1525
ord4954
ord4960
ord4966
ord4948
ord5003
ord4942
ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3838
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord11982
ord2761
ord5961

user32

SetForegroundWindow
LoadIconW
GetSystemMenu
DeleteMenu
EnableWindow
SendMessageW
GetWindowThreadProcessId
AttachThreadInput
SetFocus
IsIconic
FindWindowW
AppendMenuW
GetSystemMetrics
GetClientRect
DrawIcon
CloseClipboard
WinHelpW
GetParent
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable

comctl32

InitCommonControlsEx

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

414c8fd5b5f6c45233b623dbc26b0b63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

mfc140u

user32

comctl32

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 572KB - Virtual size: 576KB