59f77ee183b03ae46317d44c8330a6c0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

59f77ee183b03ae46317d44c8330a6c0_NeikiAnalytics.exe
Size

203KB
MD5

59f77ee183b03ae46317d44c8330a6c0
SHA1

371c3b110bbd5653ef9191ab5af77d5d9ef1190c
SHA256

601ccb4f5b110444b097406cc40947a9c5ca774aa5d279503a021e11bd328312
SHA512

314ba717dd06f3e6dbb3e2ca08c04d428ef4f1b8e1f812537b1f8beab9199fd2b77b56f35b6d5c1eb7faf4ed56fe6b6ac2b669a0a1db1e6556eceed11c4727cf
SSDEEP

3072:xEoj4It0Ge/XsOUPvmWET0JZPtydXdXYRT/NlaJsdOHf7l21cbAH:xEfs0Vajs0jiNYdNllOHDlH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59f77ee183b03ae46317d44c8330a6c0_NeikiAnalytics.exe

Files

59f77ee183b03ae46317d44c8330a6c0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

1a413d82de579ce8838b46c9f90bdc31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Work\adGuard\Release\adc.pdb

Imports

psapi

GetModuleFileNameExA
GetMappedFileNameA

oleacc

AccessibleObjectFromWindow
ObjectFromLresult

version

VerQueryValueA
GetFileVersionInfoA

kernel32

TlsGetValue
TlsAlloc
CreateFileA
LoadLibraryW
SetStdHandle
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetSystemDirectoryA
LoadLibraryA
OpenMutexA
CreateFileMappingA
GetModuleFileNameA
CreateMutexA
CloseHandle
OpenFileMappingA
FreeLibrary
GetCurrentProcess
QueryDosDeviceA
Process32First
OpenProcess
Thread32First
Sleep
TerminateProcess
Thread32Next
Module32First
GetProcAddress
SetFileAttributesA
OpenThread
Process32Next
CreateToolhelp32Snapshot
GetVersionExA
WinExec
TlsSetValue
DeleteFileA
lstrcmpA
WaitForSingleObject
CreateEventA
GetCurrentProcessId
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapSize
FlushFileBuffers
SetFilePointer
ReadFile
ExitProcess
GetStartupInfoW
CreateFileW
SetEndOfFile
SuspendThread
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
SetHandleCount
SetLastError
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
HeapAlloc
GetCommandLineA
RaiseException
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsFree

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostThreadMessageA
GetClassNameA
MsgWaitForMultipleObjects
GetParent
RegisterWindowMessageA
TranslateMessage
PeekMessageA
SendMessageTimeoutA
GetDesktopWindow
DispatchMessageA
IsWindowVisible
GetWindow
GetWindowRect
SendMessageA
IsWindow
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

ntdll

NtQueryInformationThread
RtlUnwind
_itoa

Exports

Exports

InstallHook
UnInstallHook

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a413d82de579ce8838b46c9f90bdc31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

oleacc

version

kernel32

user32

advapi32

ole32

oleaut32

ntdll

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB