0c7ba9cd28676c99512e3e271e628190_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c7ba9cd28676c99512e3e271e628190_NeikiAnalytics.exe
Size

1.4MB
MD5

0c7ba9cd28676c99512e3e271e628190
SHA1

c7f31c7dfd411aa29404446bbf0ddd63233afa88
SHA256

5865c891cad474fb715adb19d2ff9e47488aa368a42dcfc2b171d0ec59133068
SHA512

78ba66f1b1d2dd0c8f82fa27465c7dd68b8ba64b3216343592b07dd78947115c91121439fd36b499aae7ddfc05ee650a2b29eccd22f6719ce6b95f63317e0a5b
SSDEEP

24576:BQ2PezRrA9kYQvG6b1kLrJ9NlfEn370WL4EAo50T:BQ2PSSSH1kHZoX48S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c7ba9cd28676c99512e3e271e628190_NeikiAnalytics.exe

Files

0c7ba9cd28676c99512e3e271e628190_NeikiAnalytics.exe
.exe windows:4 windows

720c886028db8a7751d3b002098f0b27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

urlmon

UrlMkGetSessionOption

shell32

SHGetSpecialFolderLocation

wsock32

WSACleanup

ntdll

NtQueryInformationProcess

rpcrt4

UuidCreateSequential

Sections

CODE
Size: 981KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE