f1c0698d1ea3ea6d1040fc7dccadc7c0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f1c0698d1ea3ea6d1040fc7dccadc7c0_NeikiAnalytics.exe
Size

1.4MB
MD5

f1c0698d1ea3ea6d1040fc7dccadc7c0
SHA1

8af23d98ad94120bbfe43cef52f3f21d716bb97f
SHA256

cbaadf61ff9b972d68fb36e6b846806afa472c253c131705f1ec6bf8bd3dd676
SHA512

12ba88f371d1c9790b6a6a1b3e7b1261648f4bdcdbd8a55965dc8f9802d027e227051556ded76e31f11e5e9c89c75ae54a3dd8bf974d2471b601b015910c2f5a
SSDEEP

24576:O+LGQb0/HELyxjb/BKSkQ/7Gb8NLEbeZ:O+iQUELyxjVDkQ/qoLEw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f1c0698d1ea3ea6d1040fc7dccadc7c0_NeikiAnalytics.exe

Files

f1c0698d1ea3ea6d1040fc7dccadc7c0_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tracefmt.pdb

Imports

advapi32

OpenTraceW
CloseTrace
ProcessTrace
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
RegEnumKeyExW
GetLengthSid
LookupAccountSidW

kernel32

GetModuleHandleExW
GetModuleFileNameW
CompareStringOrdinal
CreateFileW
GetVersionExW
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemInfo
SetDllDirectoryW
GetDllDirectoryW
VirtualProtect
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
HeapAlloc
GetProcessHeap
VirtualQuery
GetFileSizeEx
SystemTimeToFileTime
CopyFileW
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
CompareFileTime
GetPrivateProfileStringW
GetFileTime
GetFileSize
LoadLibraryExW
LocalFree
FormatMessageW
SetLastError
DeleteCriticalSection
GetCurrentDirectoryW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetEnvironmentVariableA
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
ReadFile
GetFullPathNameW

msvcrt

strcmp
??1type_info@@UEAA@XZ
_onexit
_commode
_fmode
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memset
memcmp
memchr
strnlen
fputws
fputwc
strtok_s
sprintf_s
_splitpath_s
strrchr
strchr
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcscpy_s
__C_specific_handler
memmove_s
wcsrchr
memcpy_s
vfwprintf
_wfullpath
atoi
free
printf
_errno
fwrite
fgets
_purecall
wcstok_s
??3@YAXPEAX@Z
wcstoul
strtoul
_vsnprintf
fclose
_wcsicmp
_wfsopen
_vsnwprintf
strtok
??_V@YAXPEAX@Z
exit
wprintf
__CxxFrameHandler3
__iob_func
_wfopen
wcsstr
wcsspn
fgetws
wcschr
iswspace
_wtoi
wcscspn
_snwprintf_s
wcstol
swscanf
_vsnwprintf_s
strncmp
wcsnlen
vsprintf_s
fopen
vfprintf
strncpy_s
_wsplitpath_s
fprintf
_vscprintf
strcpy_s
fputs
strstr
wcscmp

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW

tdh

TdhLoadManifestFromBinary
TdhGetEventInformation
TdhGetEventMapInformation
TdhLoadManifest

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

version

ntdll

tdh

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 455KB - Virtual size: 455KB

.data Size: 205KB - Virtual size: 249KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 232B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 455KB - Virtual size: 455KB

.data
Size: 205KB - Virtual size: 249KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 232B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 592KB - Virtual size: 596KB