05682a6436b6865be60cedff6b434f40_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

05682a6436b6865be60cedff6b434f40_NeikiAnalytics.exe
Size

869KB
MD5

05682a6436b6865be60cedff6b434f40
SHA1

551b3e360ddf778143f60430fa7e5a2da2829df9
SHA256

0ee53e90be5837b3065c81e178abc08887cda258a00131c66b48bf6dfcf949eb
SHA512

b7e413cb4dd89cfbfadc1314fc7f0e1d0694d2cd6c87f95a27453e4f4b0b9dff45fb97fc31dcf042478e25b57059d66fe7d1df0a8be84d8ec9cd3966c29342ac
SSDEEP

24576:nc9XnacpKIues/e2aeV0jUE38Mcw/+yy0+gwAQcOR5X9eZ64:nc9qcpKwsiUS8M//+f09wnLX9e1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05682a6436b6865be60cedff6b434f40_NeikiAnalytics.exe

Files

05682a6436b6865be60cedff6b434f40_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vswriter.pdb

Imports

kernel32

GetVolumePathNameW
GetFileTime
GetFileSize
FindVolumeClose
FindNextFileW
FindFirstFileW
FindFirstVolumeMountPointW
DeleteFileW
CreateFileW
CreateDirectoryW
CompareFileTime
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExW
FreeLibrary
LocalFree
CloseHandle
GetCurrentThread
FormatMessageW
GetCommandLineW
FindNextVolumeMountPointW
FindVolumeMountPointClose
RemoveDirectoryW
SetFilePointer
WriteFile
GetVolumeNameForVolumeMountPointW
SystemTimeToFileTime
CopyFileW
SetConsoleCtrlHandler
WideCharToMultiByte
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
HeapSetInformation
GetLastError
FindClose
GetFileAttributesW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue
OutputDebugStringW
TlsAlloc
GetProcAddress
TlsGetValue
GetSystemTime

msvcrt

__p__commode
_XcptFilter
abort
setlocale
__crtLCMapStringW
__crtGetStringTypeW
__mb_cur_max
_errno
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
__pctype_func
_callnewh
_vsnwprintf
wprintf
_wcsicmp
wcschr
_wcsnicmp
_vsnprintf
wcstol
wcstoul
printf
sprintf
swprintf
towupper
rand
strstr
_amsg_exit
srand
time
memcpy
malloc
_except_handler4_common
__wgetmainargs
__set_app_type
_purecall
memset
memcpy_s
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_controlfp
memmove_s
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
strcspn
exit
free
sprintf_s
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memchr
__CxxFrameHandler3
_CxxThrowException
localeconv
wcscpy_s
__uncaught_exception
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z

ole32

StringFromCLSID
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
GetErrorInfo
SysAllocStringLen
VariantClear
SysStringLen

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
DeregisterEventSource
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
RegisterEventSourceW
ReportEventW

atl

ord30

user32

LoadStringW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

vssapi

CreateWriterEx

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ole32

oleaut32

advapi32

atl

user32

rpcrt4

vssapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 222KB - Virtual size: 221KB

.data Size: 64KB - Virtual size: 66KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 222KB - Virtual size: 221KB

.data
Size: 64KB - Virtual size: 66KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 576KB - Virtual size: 580KB