186649b6406ec6397e6bd4c8ea777920_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

186649b6406ec6397e6bd4c8ea777920_NeikiAnalytics.exe
Size

64KB
MD5

186649b6406ec6397e6bd4c8ea777920
SHA1

87ac06617987509ac0b2d6fef450915eab3fa913
SHA256

d6e606d2c8075b6c4042694f56c0e0bd43084cc82e4b4f426a4143f8e4ee0db3
SHA512

8c150a640a2963986c391a725b68ded2d8e16b3b9e12564279f5d85846ffcd2ca904c5ec8112f304ca9510d945c2904301a8d8505a34f9a21e05f7ef4ee4829a
SSDEEP

1536:75Myll0Z7Dk4p4dN+YZK9Wf9bMwbrWNV:9M0l0Z7Q//DMYrWD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
186649b6406ec6397e6bd4c8ea777920_NeikiAnalytics.exe

Files

186649b6406ec6397e6bd4c8ea777920_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

2dd9d3dcefe142954cd17e67161915ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WinExec
MoveFileExA
GetTickCount
LocalFree
OpenProcess
SetFileAttributesA
GetModuleFileNameA
_lclose
_lopen
GlobalUnlock
GlobalLock
TerminateThread
CreateThread
CreateMutexA
GetLastError
ExitProcess
GetSystemTime
GetStartupInfoA
GetModuleHandleA
Sleep
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
DeleteFileA
LoadLibraryA
GetProcAddress
GetFileSize
ReadFile
CreateFileA
WriteFile
SetFileTime
CloseHandle
TerminateProcess
GetFileAttributesA

user32

GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
GetAsyncKeyState
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeAccessData
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
GetDesktopWindow
GetWindowRect

gdi32

SelectObject
BitBlt
CreateCompatibleDC
GetDeviceCaps
GetBitmapBits
CreateBitmap
DeleteObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteW
CommandLineToArgvW
StrStrIA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

msvcrt

??2@YAPAXI@Z
mbstowcs
free
wcscmp
malloc
__CxxFrameHandler
_splitpath
_ltoa
sprintf
fclose
fgets
fopen
rand
srand
memmove
_getcwd
_chdir
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strcmpi
??3@YAXPAX@Z

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

urlmon

URLDownloadToFileA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

ws2_32

WSAStartup
htons
closesocket
send
connect
socket
inet_addr
inet_ntoa
gethostbyname

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2dd9d3dcefe142954cd17e67161915ee

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcrt

msvcp60

urlmon

wininet

ws2_32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB