8a303f68cd6304613178adefadc86600_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8a303f68cd6304613178adefadc86600_NeikiAnalytics.exe
Size

249KB
MD5

8a303f68cd6304613178adefadc86600
SHA1

c4247416aae49394c61988580153c8f604d3eaeb
SHA256

88029e912ceda1fb873a8d0f90912a465543860abf7c82b04dc30a0dffe0112a
SHA512

236919bb601e574a4cd8ef8051b633322716a6859a1e371d262aabe59ddbd0f24d632c4f28a08965823fecfd21bd8f875d7af06da0a5ebfc643849a19f5132ac
SSDEEP

3072:Mai2ncUhtFMnjRTgVlc67fBkbR7v7/0f7mg55CedPxgIjip9CC:Mh2nhhtax0f0v786GnrgOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a303f68cd6304613178adefadc86600_NeikiAnalytics.exe

Files

8a303f68cd6304613178adefadc86600_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

e1afe69969c3055231a3382326e28fb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\Work\PeCancer2009\Versions\pdb\Release\XShell32.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
GetModuleFileNameA
CreateFileA
ReadFile
CloseHandle
SetFilePointer
ResumeThread
VirtualProtect
CreateFileMappingA
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FlushFileBuffers
GlobalReAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetModuleHandleA
FormatMessageA
CreateThread
GetTickCount
ExitProcess
Sleep
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
DeleteCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
UpdateWindow
ShowWindow
SetWindowRgn
GetDC
CreateWindowExA
GetSystemMetrics
SetRect
RegisterClassExA
LoadCursorA
DefWindowProcA
KillTimer
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
DialogBoxIndirectParamA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowTextA
GetDlgItem
SetWindowTextA

gdi32

DeleteObject
CreateDIBitmap
DeleteDC
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
CreateDIBSection
GetObjectA
CreateCompatibleDC
StretchDIBits

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.more
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1afe69969c3055231a3382326e28fb3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.text Size: 96KB - Virtual size: 95KB

.more Size: 512B - Virtual size: 496B

.edata Size: 112KB - Virtual size: 112KB

.reloc Size: 39KB - Virtual size: 40KB

.text
Size: 96KB - Virtual size: 95KB

.more
Size: 512B - Virtual size: 496B

.edata
Size: 112KB - Virtual size: 112KB

.reloc
Size: 39KB - Virtual size: 40KB