80960e5320fade029bc5e65d59c2aac0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

80960e5320fade029bc5e65d59c2aac0_NeikiAnalytics.exe
Size

1.3MB
MD5

80960e5320fade029bc5e65d59c2aac0
SHA1

52b55297dc081dd187d80e983b86c7f13a79a3ae
SHA256

aa8fca5029caa0a2f662e6ca129a34eae220dd76c90ab9804832be3140c274dd
SHA512

e416ee38ac838a63382aab3a22ef5fefbfd4d23e5a1c9ac245f8e68883dcc704c21522a69b0ec6af33051388dce74e165ab7e6da99f608a659b0c96dd4d96ded
SSDEEP

12288:4k0ppKEI8hUQmB2p9IFEWfJvmvMeUcMxasrM7IHoyEFUy4WjCXuSZzvFmRgVHivC:4k0v35IHVqk1VvSTbbTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80960e5320fade029bc5e65d59c2aac0_NeikiAnalytics.exe

Files

80960e5320fade029bc5e65d59c2aac0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

056c0a6c71161b4499842f442a273703

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\xbrowser\branches\stable\src\out\Release\initialexe\7chrome.exe.pdb

Imports

chrome_elf

CreateFileW
SignalChromeElf

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeGetTime

shlwapi

PathRemoveFileSpecW

advapi32

RegEnumKeyExW
GetUserNameW
SetEntriesInAclW
LookupPrivilegeValueW
EqualSid
CreateRestrictedToken
CreateWellKnownSid
CopySid
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
SetThreadToken
ConvertStringSidToSidW
RegDisablePredefinedCache
RevertToSelf
DuplicateTokenEx
DuplicateToken
RegSetValueExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
CreateProcessAsUserW

user32

CloseWindowStation
CloseDesktop
wsprintfW
MessageBoxW
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
GetAsyncKeyState
FindWindowExW
CharUpperW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW

kernel32

GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
WriteConsoleW
ReadConsoleW
OutputDebugStringW
GetDriveTypeW
RtlCaptureContext
ReleaseSemaphore
SetNamedPipeHandleState
TransactNamedPipe
IsValidLocale
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitProcess
IsProcessorFeaturePresent
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
GetComputerNameExW
DebugBreak
SuspendThread
ReadProcessMemory
ProcessIdToSessionId
SearchPathW
CreateNamedPipeW
CreateJobObjectW
SignalObjectAndWait
GetProcessHandleCount
InterlockedDecrement
InterlockedIncrement
GetFileType
LoadLibraryW
GetThreadContext
TerminateJobObject
InitializeCriticalSection
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
FormatMessageW
VirtualFreeEx
VirtualAllocEx
VirtualProtect
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetCommandLineW
SetCurrentDirectoryW
GetModuleFileNameW
LoadLibraryExW
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
GetTickCount
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
ReadFile
SetFilePointer
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LocalFree
CreateMutexW
FormatMessageA
WriteFile
SetLastError
ReleaseMutex
CloseHandle
GetNativeSystemInfo
InterlockedCompareExchange
GetVersionExW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLangID
WaitNamedPipeW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchange
QueryPerformanceFrequency
CreateEventW
ExpandEnvironmentStringsW
GetProcessTimes
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
CreateFileMappingW
QueryDosDeviceW
lstrlenW
IsDebuggerPresent
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
SetInformationJobObject
CreateProcessW
SetHandleInformation
AssignProcessToJobObject
GetStdHandle
ResumeThread
GetLocaleInfoW
GetUserDefaultUILanguage
GetCurrentThreadId
Sleep
CreateThread
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
OpenProcess
GetProcessId
HeapSetInformation
TerminateProcess
GetModuleHandleExW
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
ResetEvent
WaitForMultipleObjects
CreateRemoteThread

userenv

GetProfileType

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
SetCrashKeyValueImpl

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

056c0a6c71161b4499842f442a273703

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

version

winmm

shlwapi

advapi32

user32

kernel32

userenv

wtsapi32

Exports

Exports

Sections

.text Size: 393KB - Virtual size: 392KB

.rdata Size: 167KB - Virtual size: 167KB

.data Size: 7KB - Virtual size: 23KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 748KB - Virtual size: 748KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 393KB - Virtual size: 392KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 7KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 748KB - Virtual size: 748KB

.reloc
Size: 18KB - Virtual size: 18KB