8bbb24a2aa6c58e67461ba31af26fef0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8bbb24a2aa6c58e67461ba31af26fef0_NeikiAnalytics.exe
Size

145KB
MD5

8bbb24a2aa6c58e67461ba31af26fef0
SHA1

4bde96753fe0125a239823dde60967de626b5683
SHA256

c1205fa99ada003c9f68884a6e9f94cb0f6e326b10eeece0a03298392e90ed82
SHA512

fced5e1e872d222f58d4d54c1e412d0f2a53508c5c00f4ec9c969d5e4f607df9a63e3a5ad3b378ba13775357b66f43f53235d15193494a0c3b1d2576dd11dd8f
SSDEEP

3072:d9nD8UXTP3mr8lJyiMuyBF3IG7lt+9ebXgXVB7qQv:d9DzXT7Jyz5BFYG7lt0c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bbb24a2aa6c58e67461ba31af26fef0_NeikiAnalytics.exe

Files

8bbb24a2aa6c58e67461ba31af26fef0_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

3e29a7e99eda6f26984e816818813158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\build\slave\Win_x64\build\src\out\Release_x64\chrome_elf.dll.pdb

Imports

kernel32

GetModuleFileNameW
LocalFree
GetVersionExW
RtlCaptureContext
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateThread
GetCurrentThreadId
GetCurrentProcess
CreateSemaphoreW
LoadLibraryW
WriteFile
GetLastError
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetEvent
ResetEvent
WaitForMultipleObjects
ReadProcessMemory
WriteProcessMemory
VirtualProtectEx
CloseHandle
GetTempPathW
GetEnvironmentVariableW
GetCommandLineW
GetProcAddress
GetProcessId
GetCurrentProcessId
GetModuleHandleW
VirtualQueryEx
VirtualProtect
EncodePointer
DecodePointer
RtlUnwindEx
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
HeapAlloc
HeapFree
HeapSize
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
LCMapStringW
HeapReAlloc
GetStringTypeW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

advapi32

GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW

Exports

Exports

AddDllToBlacklist
CreateFileW
GetBlacklistIndex
GetRedirectCount
IsBlacklistInitialized
SignalChromeElf
SuccessfullyBlocked

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oldntma
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crthunk
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e29a7e99eda6f26984e816818813158

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 18KB

.pdata Size: 5KB - Virtual size: 5KB

.oldntma Size: 512B - Virtual size: 8B

.crthunk Size: 512B - Virtual size: 128B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 18KB

.pdata
Size: 5KB - Virtual size: 5KB

.oldntma
Size: 512B - Virtual size: 8B

.crthunk
Size: 512B - Virtual size: 128B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB