87e166344581e6ad97f1a742efe659d0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

87e166344581e6ad97f1a742efe659d0_NeikiAnalytics.exe
Size

771KB
MD5

87e166344581e6ad97f1a742efe659d0
SHA1

40c40e497c2e75c39cb5cc3ca7b19d609c8ae645
SHA256

88c691f5b0c986349f6cda8f16bd7fc5f6f5f0dcda5cbf94ac10e644dc27a54d
SHA512

dca5a36e1f3c0e177afbcbc8680ccc5fc00d1c07dfa295291914f216b95edde65b7432bad3bd63109ad4336841491bc604615cacaff6bdb5b3ff1b9067b19350
SSDEEP

24576:HCTNJrbfRbCdKLIGd+3W8RSOouHuv3IXDt:2nrtbCd+ddGEOov3YZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
87e166344581e6ad97f1a742efe659d0_NeikiAnalytics.exe

Files

87e166344581e6ad97f1a742efe659d0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

6c589f7c91a267ac27483cdc49da13ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
wcschr
memchr
strrchr
memcmp
strstr
strchr
memset
memmove
__std_type_info_destroy_list
memcpy

api-ms-win-crt-runtime-l1-1-0

_exit
_errno
_set_invalid_parameter_handler
_beginthreadex
abort
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_endthreadex
_cexit
_initialize_onexit_table
_execute_onexit_table
strerror_s
strerror
_getpid

api-ms-win-crt-convert-l1-1-0

wctomb
strtod
atoi

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv

api-ms-win-crt-string-l1-1-0

wcscmp
wcscat
wcsncmp
wcslen
_wcsicmp
wcsspn
strcat
strcmp
iswctype
_stricmp
strlen
strncmp
_strnicmp
strcpy
strncpy
strnlen
strspn
strpbrk
tolower
toupper
isdigit
wcscpy

api-ms-win-crt-stdio-l1-1-0

_fileno
_write
_dup
_wopen
__acrt_iob_func
__stdio_common_vfprintf
_isatty
_get_osfhandle
_open_osfhandle
_lseek
fwrite
fputs
fflush
__stdio_common_vswprintf_s
_read
_close
_dup2
_kbhit
__stdio_common_vsprintf
ferror
freopen

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc

api-ms-win-crt-time-l1-1-0

_localtime64
strftime

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_findclose
_wfindnext64i32
_wfullpath
_wunlink
_getdrive
_wmkdir
_wfindfirst64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

abs
rand_s

api-ms-win-crt-math-l1-1-0

_except1

ws2_32

WSASetEvent
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
recv
send
WSAGetLastError
WSACloseEvent
WSACreateEvent
closesocket

kernel32

ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
GetLastError
TryAcquireSRWLockExclusive
InitializeSRWLock
RaiseException
CloseHandle
GetFileAttributesW
AcquireSRWLockShared
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WaitForSingleObject
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
SetThreadErrorMode
PeekConsoleInputA
ReadConsoleInputA
PeekNamedPipe
WriteFile
ReadFile
CreateEventA
ResetEvent
GetExitCodeThread
WaitForMultipleObjects
CreateEventW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
AttachConsole
AllocConsole
GetLocaleInfoA
FormatMessageW
LocalFree
LoadLibraryW
FreeLibrary
GetStdHandle
TerminateProcess
GetSystemInfo
MoveFileExW
DeviceIoControl
GetFileInformationByHandle
CreateFileW
GetCurrentProcess
SetConsoleMode
GetConsoleMode
GetFileInformationByHandleEx
IsDebuggerPresent
GetFileType
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetModuleHandleA
GetModuleFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
DebugBreak
GetSystemTimeAsFileTime
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleOutputCP
GetThreadLocale
GetTimeZoneInformation
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetCurrentDirectoryW

user32

MsgWaitForMultipleObjectsEx
PostMessageA
PeekMessageA
MessageBoxA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

advapi32

GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegLoadMUIStringW
RegCloseKey

ole32

CoTaskMemFree

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c589f7c91a267ac27483cdc49da13ce

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

ws2_32

kernel32

user32

shell32

advapi32

ole32

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 306KB - Virtual size: 305KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 251KB - Virtual size: 252KB

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 306KB - Virtual size: 305KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 251KB - Virtual size: 252KB