Static task
static1
Behavioral task
behavioral1
Sample
23db645f63208fe74697532c5e5b94c0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
23db645f63208fe74697532c5e5b94c0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
Target
23db645f63208fe74697532c5e5b94c0_NeikiAnalytics.exe
Size
84KB
MD5
23db645f63208fe74697532c5e5b94c0
SHA1
d29ed7efe60d3c1af3301d713c7e1d6f4fe6d3e7
SHA256
6886e149224b1cfdeeb2f74c6a974a15f41a8fed0234cb952afb3f109ba9faaa
SHA512
700fe8f999573e6f32207a1509b6467da68938cf4a1ea93842e97f52e493927d54df33d7e47e4ae94309d600187266a68b1cfa0041061d9307a43440e7c2901f
SSDEEP
1536:2FCVZy6FWpj1vXFcrdCxJFCZf2XYDe7goTCJTz6bTzeYMJNNiok:lZ81mBUSZfRA4+eYMr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 23db645f63208fe74697532c5e5b94c0_NeikiAnalytics.exe
Files
23db645f63208fe74697532c5e5b94c0_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
1467dfd7eec071ab9edf1bb4a67b7169
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushFileBuffers
GetTempPathW
FindClose
LoadLibraryA
Process32FirstW
SetNamedPipeHandleState
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
lstrcpyW
SetFileAttributesW
GetFileSize
SetFilePointer
SetEndOfFile
GetTickCount
CreateTimerQueueTimer
GetThreadPriority
GetUserDefaultUILanguage
WideCharToMultiByte
GetDriveTypeW
GetLogicalDrives
SetFileTime
GetCommandLineA
CopyFileW
GetModuleFileNameW
GetFileTime
MultiByteToWideChar
ExpandEnvironmentStringsW
FileTimeToDosDateTime
HeapReAlloc
GetNativeSystemInfo
HeapAlloc
SystemTimeToFileTime
DisconnectNamedPipe
HeapFree
GetComputerNameW
VirtualFree
GetProcessHeap
IsBadReadPtr
VirtualQueryEx
Thread32First
VirtualFreeEx
ReadProcessMemory
GetVersionExW
HeapDestroy
HeapCreate
Thread32Next
GetTimeZoneInformation
GetFileSizeEx
OpenMutexW
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
WaitForMultipleObjects
ReleaseMutex
FileTimeToLocalFileTime
DeleteFileW
GetFileInformationByHandle
LocalFree
MoveFileExW
GlobalLock
GlobalUnlock
GetExitCodeProcess
SetThreadPriority
CreateFileW
ReadFile
Sleep
OpenProcess
GetProcessTimes
WriteFile
WaitNamedPipeW
GetCurrentThread
CreateNamedPipeW
ConnectNamedPipe
CreateDirectoryW
CreateProcessW
FreeLibrary
FindFirstFileW
CreateMutexW
GetTempFileNameW
lstrcmpiW
lstrcpyA
CreateThread
CloseHandle
ResetEvent
SetLastError
GetLastError
SetEvent
lstrcmpiA
ExitThread
WriteProcessMemory
GetCurrentProcessId
CreateEventW
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
WaitForSingleObject
SetErrorMode
SetThreadContext
GetThreadContext
ExitProcess
SetFilePointerEx
GetSystemTime
user32
OpenWindowStationA
GetForegroundWindow
CloseDesktop
ExitWindowsEx
CloseWindowStation
CharLowerBuffA
SetProcessWindowStation
GetCursorPos
GetIconInfo
DrawIcon
LoadCursorW
SetThreadDesktop
OpenDesktopA
ToUnicode
GetKeyboardState
GetWindowThreadProcessId
TranslateMessage
GetClipboardData
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
CharLowerW
advapi32
CryptAcquireContextW
GetSidSubAuthority
CryptGetHashParam
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
GetUserNameW
OpenProcessToken
OpenThreadToken
GetSidSubAuthorityCount
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
CryptHashData
RegSetValueExA
RegCreateKeyExA
shlwapi
StrCmpNIA
wvnsprintfA
wnsprintfA
wnsprintfW
SHDeleteKeyA
PathCombineW
StrCmpNIW
PathMatchSpecW
StrStrW
PathFindFileNameW
PathRemoveFileSpecW
wvnsprintfW
shell32
SHGetSpecialFolderPathW
secur32
GetUserNameExW
psapi
GetModuleFileNameExW
ole32
CoCreateInstance
ws2_32
freeaddrinfo
recv
WSAGetLastError
getsockname
getpeername
connect
WSAAddressToStringW
WSAStartup
recvfrom
select
shutdown
setsockopt
sendto
bind
WSASetLastError
listen
accept
WSAIoctl
socket
WSASend
closesocket
getaddrinfo
send
crypt32
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
wininet
InternetOpenUrlA
HttpSendRequestW
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetCookieA
HttpOpenRequestA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
Sections
.text Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data1 Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE