a2e8200063977615da52c711cbaa3670_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a2e8200063977615da52c711cbaa3670_NeikiAnalytics.exe
Size

53KB
MD5

a2e8200063977615da52c711cbaa3670
SHA1

c6a8f334f0ad9cbc5c3da34205000f9d084a5d54
SHA256

6b48848bbe289b40b82794de2f49d52ed60cb677fc36f1e93f7d190047f585fb
SHA512

536fc9d255c24d6c74b46a42c9f452199e80eff031d9fc2b3d4db9b409244cd30dee0a728e3730d3b7cf1a9970fa1ebf2bc6ae660d163dcc67c383da7b2543a6
SSDEEP

1536:MhdFFOzELVMS5bLkTZcyZAAv04NGCq2iW7z:MfJqSZkTZc5Av08GCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2e8200063977615da52c711cbaa3670_NeikiAnalytics.exe

Files

a2e8200063977615da52c711cbaa3670_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

206fdd704cdc966d1fc728f35d7011d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release\idevicebackup.pdb

Imports

kernel32

Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter

libcrypto-1_1

SHA1_Update
SHA1
SHA1_Init
SHA1_Final

imobiledevice

mobilebackup_send_restore_complete
mobilebackup_send_backup_file_received
mobilebackup_request_backup
afc_file_close
mobilebackup_client_free
np_client_free
mobilebackup_request_restore
mobilebackup_receive
mobilebackup_receive_restore_application_received
np_observe_notifications
np_post_notification
afc_client_free
mobilebackup_receive_restore_file_received
afc_file_open
np_set_notify_callback
mobilebackup_send
np_client_new
lockdownd_service_descriptor_free
lockdownd_client_new_with_handshake
mobilebackup_client_new
lockdownd_get_value
idevice_set_debug_level
mobilebackup_send_error
idevice_free
lockdownd_start_service
lockdownd_client_free
idevice_new_with_options
afc_file_lock
afc_client_new

plist

plist_dict_get_item
plist_get_bool_val
plist_array_get_item
plist_free
plist_set_date_val
plist_new_array
plist_array_append_item
plist_new_dict
plist_dict_remove_item
plist_copy
plist_new_bool
plist_new_date
plist_dict_get_size
plist_compare_node_value
plist_new_data
plist_dict_set_item
plist_new_string
plist_new_uint
plist_get_data_val
plist_dict_next_item
plist_get_node_type
plist_from_xml
plist_dict_new_iter
plist_from_bin
plist_to_bin
plist_to_xml
plist_array_get_size
plist_get_uint_val
plist_get_string_val

vcruntime140

strrchr
__current_exception
__current_exception_context
memset
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

fopen
fclose
fseek
_set_fmode
__stdio_common_vfprintf
rewind
__p__commode
fwrite
__acrt_iob_func
__stdio_common_vsprintf
ftell
fread
fflush

api-ms-win-crt-string-l1-1-0

toupper
_strdup

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
strerror
signal
_errno
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_exit
_crt_atexit
_controlfp_s
terminate

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_stat64
remove
rename

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

3��u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

206fdd704cdc966d1fc728f35d7011d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

libcrypto-1_1

imobiledevice

plist

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

3���u� Size: 16KB - Virtual size: 20KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

3��u�
Size: 16KB - Virtual size: 20KB