bd208c46eab0c2c3b1af0121c634a490_NeikiAnalytics[.]exe

General

Target

bd208c46eab0c2c3b1af0121c634a490_NeikiAnalytics.exe
Size

79KB
MD5

bd208c46eab0c2c3b1af0121c634a490
SHA1

5d1e6c98ac8948290bd0ab3cfe5b7eb423a0452b
SHA256

1958059d321dc497f15583a8249d4f9aa0237398b2f925253fb9f34193bb5c73
SHA512

678df0b1b3a2fb058b62b5cfef914bc1075f6557aa79c9d7f515b12f2b9abe5d5d5e393619bebf51b2d0c7abac270851b2158a202994f14126a0929954ef06b1
SSDEEP

1536:/87atE9Shns4YxTAPyEXPfldq2k7018JyKzanD2BK6A+B:/87ae9ShYxT3gPf8018/anD2BK6VB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd208c46eab0c2c3b1af0121c634a490_NeikiAnalytics.exe

Files

bd208c46eab0c2c3b1af0121c634a490_NeikiAnalytics.exe
.sys windows:5 windows x86 arch:x86

fbbac2b0514833527f1defcd722d954b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Jenkins\repo\Defraggler\Trunk\bin\DFNative\Release\DFNative.pdb

Imports

ntdll

NtClearEvent
NtWaitForSingleObject
NtReleaseMutant
memmove
memcpy
_snprintf
RtlTimeToTimeFields
NtQuerySystemTime
memset
NtCreateMutant
NtCreateEvent
NtSetEvent
_vsnprintf
_chkstk
NtClose
NtReadFile
NtCreateFile
RtlInitUnicodeString
sprintf
RtlCreateUserThread
NtCancelIoFile
_allrem
_alldiv
NtWaitForMultipleObjects
NtFsControlFile
_snwprintf
NtTerminateThread
NtWriteFile
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
atoi
NtQueryValueKey
NtSetValueKey
NtOpenKey
NtAdjustPrivilegesToken
NtOpenProcessToken
NtDeleteFile
_wcsupr
swprintf
toupper
NtDisplayString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtFlushBuffersFile
NtSetInformationProcess
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlNormalizeProcessParams
RtlRaiseException
vsprintf

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbbac2b0514833527f1defcd722d954b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 712B

.CRT Size: 512B - Virtual size: 8B

.STL Size: 512B - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 712B

.CRT
Size: 512B - Virtual size: 8B

.STL
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB