4670c5117df4bd07d60ccd3b8d26ffd0_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4670c5117df4bd07d60ccd3b8d26ffd0_NeikiAnalytics.exe
Size

138KB
MD5

4670c5117df4bd07d60ccd3b8d26ffd0
SHA1

1d32ffcf57c4debafa5071fcf370e4dd1d6d36b0
SHA256

070a91b91f9b49e88d24ae9f3708dbd0512f4fe3b7973bd0b1b0c17aa7a4d508
SHA512

2c9a2f69f4298b2bb0e0faadf2496c96fabf36d4afbaf90f2d9ec9c39a483d03e463ab0be79a09937544059980dbe5efe73299b2de41ff8c29ce5b5727700369
SSDEEP

3072:Q9T5mRmw/YCI7XB9OvwgxEUYx5VK9GBeStFiift7G1Of:QyEsijDVT8StFjJG1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4670c5117df4bd07d60ccd3b8d26ffd0_NeikiAnalytics.exe

Files

4670c5117df4bd07d60ccd3b8d26ffd0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

6340d56621021b5eee2afddc693eab68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

BitBlt

advapi32

GetUserNameA

shell32

ord680

ole32

CreateStreamOnHGlobal

ntdll

memcpy

wininet

InternetOpenA

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup

psapi

GetModuleFileNameExA

mpr

WNetCloseEnum

Sections

.MPRESS1
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol1
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ