05ca60cda2e5549a89db4a89aa271790_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

05ca60cda2e5549a89db4a89aa271790_NeikiAnalytics.exe
Size

2.4MB
MD5

05ca60cda2e5549a89db4a89aa271790
SHA1

ab6d2ff5b891d24ce6410fd03ac1eecfb5dd517e
SHA256

5b59886fdafb7394f31209da52af43d37ce8bf5629bb6d0c6eb915d97b13f7b9
SHA512

47183a740d16dd9c94b6ff0f1b1739b12cd4c1104951ef9017754ea8d5b27dcde7a2e5ce16e233626b11ad27a1344ecf17ead3f066f3d5c340a38575904e68ba
SSDEEP

49152:wHJM5B1uCtZpwgCD9jTJjuOfGxpEYPFTqucb4DjEZ1a4:w6tZ6gCDJJjuOfGIh4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05ca60cda2e5549a89db4a89aa271790_NeikiAnalytics.exe

Files

05ca60cda2e5549a89db4a89aa271790_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

f7a0207a33b9182466f21e99b8b4d73a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

iphlpapi

SendARP
GetAdaptersAddresses

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

kernel32

K32GetModuleFileNameExW
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
ReadFile
CopyFileW
DeleteFileW
CreateFileA
CreateDirectoryW
FindNextFileW
FindClose
GetFileAttributesA
WTSGetActiveConsoleSessionId
GetCurrentProcess
GetProcessId
GetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
FindResourceW
GetModuleHandleW
SizeofResource
LoadResource
LockResource
GetCurrentProcessId
GetModuleFileNameW
ExitProcess
GetTempPathW
GetComputerNameA
GetSystemDirectoryW
IsWow64Process
TlsSetValue
MultiByteToWideChar
GetModuleHandleA
GetCommandLineW
lstrcmpiW
GetModuleFileNameA
lstrlenA
lstrcatA
HeapAlloc
GetProcessHeap
HeapFree
DeleteFileA
MoveFileA
HeapReAlloc
ReadConsoleInputW
SetConsoleMode
SetStdHandle
Sleep
TlsGetValue
CreateWaitableTimerW
VerifyVersionInfoW
VerSetConditionMask
SetLastError
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemTimeAsFileTime
SleepEx
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsAlloc
LocalFree
GetFileInformationByHandle
WideCharToMultiByte
FormatMessageW
FormatMessageA
GetFullPathNameW
GetOEMCP
GetACP
FreeEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsValidCodePage
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileSizeEx
GetEnvironmentStringsW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
OpenProcess
CreateFileW
SetEnvironmentVariableW
TlsFree
GetDriveTypeW
HeapSize
WriteConsoleW
GetTickCount
GetCommandLineA
FindFirstFileExW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
TryEnterCriticalSection
GetCurrentThreadId
SwitchToThread
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStdHandle
GetFileType
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
ReleaseSemaphore
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
ExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
GetConsoleCP
GetTimeZoneInformation

user32

GetUserObjectInformationW
GetProcessWindowStation
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxA

advapi32

CloseServiceHandle
RegGetValueW
RegOpenKeyExA
RegGetValueA
RegSetValueExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCreateKeyW
StartServiceCtrlDispatcherW
StartServiceW
OpenServiceW
OpenSCManagerW
CreateServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegDeleteKeyExW
ConvertSidToStringSidA
LookupAccountNameA
RegCreateKeyExW
GetUserNameW
LsaOpenPolicy
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

ws2_32

inet_addr
socket
htons
getsockopt
connect
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSAGetLastError
setsockopt
WSASocketW
WSASend
WSARecv
select
shutdown
ioctlsocket
closesocket
recv
WSAAddressToStringA
WSASetLastError
send

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7a0207a33b9182466f21e99b8b4d73a

Headers

DLL Characteristics

File Characteristics

Imports

version

iphlpapi

userenv

wtsapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 442KB - Virtual size: 441KB

.data Size: 53KB - Virtual size: 81KB

.rsrc Size: 481KB - Virtual size: 480KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 442KB - Virtual size: 441KB

.data
Size: 53KB - Virtual size: 81KB

.rsrc
Size: 481KB - Virtual size: 480KB