6cb111dcbbe73d5433c962060c755c40_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6cb111dcbbe73d5433c962060c755c40_NeikiAnalytics.exe
Size

620KB
MD5

6cb111dcbbe73d5433c962060c755c40
SHA1

db01381aa21de715c772c4143ef7faa2ef5405f9
SHA256

9c99d0eed75aacbebc4f39ee85b4c02765407b4225da6d47b8f3b508043314bd
SHA512

2b9c9378da14027a5696e59a83514f691b9b0e88ba9271d92fb8c85a207c2085766e71e708585bef17eab88017cb232db374cdee138ed4bbd1c32a75e4a85f5d
SSDEEP

12288:CQGMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:9zSkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6cb111dcbbe73d5433c962060c755c40_NeikiAnalytics.exe

Files

6cb111dcbbe73d5433c962060c755c40_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

f9d503fa95ec668dd66a38f9103217e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\pgosweep.pdb

Imports

advapi32

OpenProcessToken

kernel32

GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
WaitForSingleObject
OpenEventW
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
Sleep
GetLastError
SetEvent
WaitForSingleObjectEx
PulseEvent
ResetEvent
OpenMutexW
MapViewOfFileEx
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
FormatMessageW
LocalFree
SystemTimeToFileTime
GetSystemTime
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
WriteFile
GetFileType
GetUserDefaultUILanguage
LoadResource
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileW
FindClose
SetLastError
GetEnvironmentVariableW
TerminateProcess
GetCurrentProcess

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
wcschr
__current_exception
__current_exception_context
memset
__std_exception_copy
__std_exception_destroy
wcsstr
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_crt_atexit
terminate
__p___argc
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
_fileno
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
fseek
fclose
fread
fflush
_wfsopen
putchar
__p__commode
fputs
_get_osfhandle
_set_fmode
__acrt_iob_func
fwrite

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_wremove
_wfullpath

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscmp
wcstok_s
_wcsdup
wcscat_s
_strupr_s
wcsncpy_s
wcsncat_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

ole32

CoCreateGuid

ntdll

NtOpenSection
RtlLookupFunctionEntry
NtOpenMutant
NtOpenEvent
RtlInitUnicodeString
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-crt-convert-l1-1-0

_wtoi64
wcstoul
wcstol
_itow_s

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-conio-l1-1-0

_cputws

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9d503fa95ec668dd66a38f9103217e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

psapi

ole32

ntdll

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 135KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 135KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 568KB - Virtual size: 572KB