5b634bfaaa6fc85d8fd782c30cd04200_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5b634bfaaa6fc85d8fd782c30cd04200_NeikiAnalytics.exe
Size

6.2MB
MD5

5b634bfaaa6fc85d8fd782c30cd04200
SHA1

8d94c61124551093443461e9267ad18568b62902
SHA256

4936de157054a5fbbde8e00e0d4a0f1dd29b6e2715218dddc142762506def024
SHA512

c9dd60d34080a6b3ee09f84b4298fa663ffd1f14c5681b53954f6c28cc857d49806445ed4480dda00b319be46e30fbf64d610a9d97585f3982513570cf368be5
SSDEEP

196608:in1xmGmh3ySCjpRFW7bpvCwZqkaGXUc8zjPb:iIxyZpjW/pvLCPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b634bfaaa6fc85d8fd782c30cd04200_NeikiAnalytics.exe

Files

5b634bfaaa6fc85d8fd782c30cd04200_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

d7d27535ebdca8ed5b1d96e63f0cfe19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

SetNamedSecurityInfoW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

user32

CharUpperBuffW

Exports

Exports

_inject_dll@8
_is_injected@12
_run_script@16

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flux0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.flux1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flux2
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d27535ebdca8ed5b1d96e63f0cfe19

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

user32

Exports

Exports

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 1KB

.flux0 Size: - Virtual size: 3.3MB

.flux1 Size: 1KB - Virtual size: 1KB

.flux2 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 1KB

.flux0
Size: - Virtual size: 3.3MB

.flux1
Size: 1KB - Virtual size: 1KB

.flux2
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B