8e3ce489fae8a774a092aed3de257bd0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8e3ce489fae8a774a092aed3de257bd0_NeikiAnalytics.exe
Size

1.4MB
MD5

8e3ce489fae8a774a092aed3de257bd0
SHA1

c6d1716c1513c0a116d9693357b00fd1a6ad78b9
SHA256

5e82cc4f5898abf4995e15907b3c2f4e0c365e7573ae01a0a9b276bbaa19b48d
SHA512

33f2bc9b07aeb7b8b277bff8c3512496d164ba68d74610721dd7c1ecf46975bd700af3b7d127fcfd8bb582969fc44d9f7586a7781550b104812559efad5832a1
SSDEEP

24576:43l4lnv6rDt9XTv3afFHGvh1C81WZkB7apvTMxxaSc5HtP54AxVJBV1Ls2wBPDU7:48ST/Q4hOZPZTMxxaScFl5hxVJBV1Lsm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e3ce489fae8a774a092aed3de257bd0_NeikiAnalytics.exe

Files

8e3ce489fae8a774a092aed3de257bd0_NeikiAnalytics.exe
.exe windows:4 windows

d487008396184c03e19506d62330dd8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcscmp
memmove
wcslen
wcscpy
wcscat
memcpy
fread
longjmp
_setjmp3
_wcsdup
free
wcsncmp
_wcsicmp
tolower
wcsncpy
_snwprintf
fabs
malloc
ceil
floor
fseek
ftell
fclose
pow
??3@YAXPAX@Z
_wcsnicmp
frexp
modf
_CIpow
fopen
_errno
strerror
abort
atof
gmtime
fflush
ferror
remove
fwrite
realloc
calloc
__p__iob
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
sscanf
strrchr
strpbrk
strtoul
qsort
fgets
fputs
atoi
isspace
memchr
isdigit
_stricmp
_strnicmp
_read
_write
fputc
sprintf
getenv
isalnum
isupper
_stati64
time
_ftime
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
CreateThread
CreateFileW
DeleteFileW
WriteFile
Sleep
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
SetFilePointer
GetFileSize
ReadFile
HeapReAlloc
GlobalFree
GlobalAlloc
GetVersionExW
MultiByteToWideChar
MulDiv
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
VerSetConditionMask
VerifyVersionInfoA
SleepEx
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA
GetCurrentThread
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetIconInfo
InvalidateRect
UpdateWindow
RedrawWindow
CallWindowProcW
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
GetWindowRect
ScreenToClient
SendMessageW
GetSystemMetrics
CreateWindowExW
SetWindowLongW
GetSysColor
GetSysColorBrush
GetDC
GetWindowTextLengthW
GetWindowTextW
SetRect
DrawTextW
ReleaseDC
SetWindowTextW
GetPropW
RemovePropW
DefWindowProcW
GetParent
SetPropW
GetWindow
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassW
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableW
DefFrameProcW
SetFocus
GetFocus
EnumChildWindows
PostMessageW
GetActiveWindow
GetKeyState
GetClassNameW
IsChild
GetClientRect
FillRect
RegisterWindowMessageW
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW

gdi32

GetStockObject
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateDCW
CreateFontW

advapi32

GetCurrentHwProfileW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

comctl32

InitCommonControlsEx

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteExW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

Sections

.code
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d487008396184c03e19506d62330dd8e

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

comctl32

ole32

shell32

ws2_32

wsock32

winmm

Sections

.code Size: 5KB - Virtual size: 5KB

.text Size: 320KB - Virtual size: 320KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 73KB - Virtual size: 72KB

.code
Size: 5KB - Virtual size: 5KB

.text
Size: 320KB - Virtual size: 320KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 73KB - Virtual size: 72KB