67cc15b225bb989a28bf09e602bb5f40_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

67cc15b225bb989a28bf09e602bb5f40_NeikiAnalytics.exe
Size

324KB
MD5

67cc15b225bb989a28bf09e602bb5f40
SHA1

161dfffd3f0fe65a885b2adfb0bd6382221d8440
SHA256

dfd254e2008d4a91d2ba18b8abd721eb57991b2e30c5bc7f0ba96df2463b7da7
SHA512

91fe365031443d4d6c26ef52406aa796c7a0bdcc30d42af9be0680c455ec7ca7a8348994f01eb02c9d1714c59c38bf4509801ce488cee33592f45d42c7ad3431
SSDEEP

6144:+OxZcm3uaUFgPbIoGnvowRYqZrEU6nT+hAHzR80vGc4:+OxZcm3uxcb41RYqZN6nT4wVrOc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
67cc15b225bb989a28bf09e602bb5f40_NeikiAnalytics.exe

Files

67cc15b225bb989a28bf09e602bb5f40_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

7303c52df8dc68bf2c5e4300535d4b80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\b\build\slave\Win\build\src\out\Release\crash_service.exe.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW
HttpOpenRequestW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

kernel32

GetACP
GetOEMCP
OutputDebugStringW
GetDriveTypeW
SetEnvironmentVariableA
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
CreateFileW
DeleteFileW
SetFilePointer
WriteFile
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetTickCount
GetModuleFileNameW
GetCommandLineW
LocalFree
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetCurrentProcess
CopyFileW
MoveFileExW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DuplicateHandle
RaiseException
Sleep
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnregisterWaitEx
RegisterWaitForSingleObject
IsValidCodePage
SetEvent
ResetEvent
QueueUserWorkItem
LoadLibraryW
GetProcessTimes
OpenProcess
ReadProcessMemory
UnregisterWait
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InitializeCriticalSection
FreeLibrary
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
ReadConsoleW
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
LoadLibraryExA
GetStringTypeW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapFree
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetFileType
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
GetCPInfo

ole32

CoTaskMemFree

user32

CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7303c52df8dc68bf2c5e4300535d4b80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

advapi32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 255KB - Virtual size: 254KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 6KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 255KB - Virtual size: 254KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 6KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 11KB - Virtual size: 10KB