358bad4f1f34350989075de6f77a6ec0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

358bad4f1f34350989075de6f77a6ec0_NeikiAnalytics.exe
Size

534KB
MD5

358bad4f1f34350989075de6f77a6ec0
SHA1

ae8026204ef6f1107192c55bc3b811a40a504181
SHA256

d260a5ef50dc0f91451530dafac39dc892f2e84a2243ec54249bba6302c27982
SHA512

b1d87fb5a6259872e9bd8751629de8f9c272ec82a598291dfc9f69a46115620029a95b0ce9e9d13fd0e72cb0bd6a3f5e08fce4156c03b5f42ba8f54457f184ba
SSDEEP

6144:hOC6U25wfuTUlhk/P6CB2qKrzG0+L0jgPjozPJQzIUm4o3Z+0dX6XO3+gN1/3iVB:h8wetmAtiyXtSjX8SBrQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
358bad4f1f34350989075de6f77a6ec0_NeikiAnalytics.exe

Files

358bad4f1f34350989075de6f77a6ec0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

8b4b30e3e95f5d37e95cf56622ea1d45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
IsDebuggerPresent
InitializeSListHead
MultiByteToWideChar
lstrcpynW
WideCharToMultiByte
lstrlenW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

user32

MessageBoxW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kbzlib

inflate
inflateEnd
inflateInit2_

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memset
__current_exception_context
_purecall
__CxxFrameHandler3
__current_exception
wcsrchr
__std_exception_copy
memmove
memcpy
memchr
_CxxThrowException
__std_terminate
__RTDynamicCast
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

_strdup
isdigit
_wcsicmp
_stricmp
wcsncat_s
toupper
strncat_s
wcsncpy_s
_strnicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
abort
terminate
_initterm
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
floor
_libm_sse2_log10_precise

Exports

Exports

kpi_CreateInstance

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b4b30e3e95f5d37e95cf56622ea1d45

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

kbzlib

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 9KB - Virtual size: 989KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 9KB - Virtual size: 989KB

.reloc
Size: 16KB - Virtual size: 16KB