544f7ae4d4b11f764421ad9683d2d700_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

544f7ae4d4b11f764421ad9683d2d700_NeikiAnalytics.exe
Size

805KB
MD5

544f7ae4d4b11f764421ad9683d2d700
SHA1

7ab5ac3105cc5f01d12ab0bec499d10d61d2d45d
SHA256

f84006bacf98971240b7a22c905e007ff46ec87ac9e6ac32461b3b20fffafb28
SHA512

27bf1b94859737de91c7c5ef4ed0c9c272bd4a82b2fdbd55e96d07b6a0f4b1b2107b321a70aecd0f1644bc6a70789f1c2ffca00d9e5911362196e9890f750a17
SSDEEP

12288:znPL3VrRqen/Qlh9cSAYIvhYGm39P+0VEzbfWt6ycSleIQn+ii:zPr22AhZAYK5QZEzbegyteIQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
544f7ae4d4b11f764421ad9683d2d700_NeikiAnalytics.exe

Files

544f7ae4d4b11f764421ad9683d2d700_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

a5797404d9a5b922aa7a6e5ea91fd26c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\.jenkins\workspace\tas2-st\build\vc9\buildall\Release\TASLogin.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
WriteFile
CreateFileW
GetTempPathW
OpenFileMappingW
OpenEventW
CloseHandle
LoadLibraryW
GetModuleFileNameW
GetCurrentThreadId
CreateThread
ExitProcess
GetCurrentProcess
GetModuleHandleW
GetTickCount
OpenProcess
TerminateThread
Sleep
CreateEventA
GetProcAddress
LoadLibraryA
OpenMutexA
GetModuleHandleA
CreateMutexA
ExpandEnvironmentStringsW
CreateFileMappingA
OpenEventA
OpenFileMappingA
SetLastError
FreeLibrary
MultiByteToWideChar
GetCurrentProcessId
CreateDirectoryW
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
FindFirstFileW
FindClose
SetFileAttributesW
CreateFileA
CreateFileMappingW
GetModuleFileNameA
VirtualProtect
GetFileTime
VirtualFree
ReadFile
GetLastError
VirtualAlloc
DeviceIoControl
GetProcessHeap
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetFilePointer
HeapReAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapFree
HeapAlloc
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize

user32

LoadAcceleratorsW
TranslateAcceleratorW
GetMessageW
DispatchMessageW
BeginPaint
RegisterClassExW
wsprintfW
SetWindowPos
TranslateMessage
DefWindowProcW
GetClientRect
UpdateWindow
DestroyWindow
SetWindowLongW
SendMessageW
EndPaint
ClientToScreen
PostQuitMessage
CreateWindowExW

oleaut32

SysAllocStringByteLen
SysStringLen
SysStringByteLen
SysFreeString
SysAllocString

psapi

GetModuleInformation

shlwapi

PathRemoveFileSpecW
PathAppendW

ws2_32

ntohl
ntohs
htons
htonl

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 526KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.nrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5797404d9a5b922aa7a6e5ea91fd26c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

psapi

shlwapi

ws2_32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 48KB - Virtual size: 47KB

.tvm0 Size: 526KB - Virtual size: 528KB

.reloc Size: 5KB - Virtual size: 8KB

.nrdata Size: 72KB - Virtual size: 72KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 48KB - Virtual size: 47KB

.tvm0
Size: 526KB - Virtual size: 528KB

.reloc
Size: 5KB - Virtual size: 8KB

.nrdata
Size: 72KB - Virtual size: 72KB