67dc85d6068464d7d79f59cf1ee17520_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

67dc85d6068464d7d79f59cf1ee17520_NeikiAnalytics.exe
Size

81KB
MD5

67dc85d6068464d7d79f59cf1ee17520
SHA1

8f0a4f784cc21f48c1df53afa2b9f29b6cabc599
SHA256

9f2b995246ccda34768c4979865cf5ecd1b2c42863086fa4d0b6eed90d02db09
SHA512

8d08d36cb473d49c7228850d54b03466b14b687cad60a33d0fee3e00ec5c40786135f42f2f282f2920ffb22969a92bcaa3507316bb20cac5d15bd4f4795f87f0
SSDEEP

1536:Ho3hVCe3505p3El21YNeeeAhq5uyqkKoOZy/8/QfEONhT5/iU/Zb9v9MB:HoxCiAGeeeuq5uyqkH8qX5v/N9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67dc85d6068464d7d79f59cf1ee17520_NeikiAnalytics.exe

Files

67dc85d6068464d7d79f59cf1ee17520_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

0dd7dc3af8b6ba7f23ac71ce6435551e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObjectEx
SetEvent
OpenEventA
InterlockedIncrement
WaitForSingleObject
ExitThread
DeleteFileA
UnmapViewOfFile
lstrcatA
OutputDebugStringA
GetTickCount
GetCurrentThread
WriteProcessMemory
MapViewOfFileEx
CreateFileMappingA
VirtualFree
VirtualAlloc
SetThreadContext
GetThreadContext
CreateRemoteThread
ResumeThread
OpenProcess
CreateProcessA
FindNextFileA
FindFirstFileA
TerminateProcess
ReadProcessMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
ExitProcess
VirtualFreeEx
DuplicateHandle
QueryDosDeviceA
GetLogicalDriveStringsA
CreateThread
SetUnhandledExceptionFilter
SetErrorMode
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
GetFileAttributesA
CopyFileA
CreateEventA
CreateFileA
MapViewOfFile
SetFileTime
GetFileTime
GetSystemTimeAsFileTime
GetExitCodeThread
VirtualProtectEx
RemoveDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
OpenFile
ResetEvent
GlobalAlloc
GlobalFree
Sleep
GetSystemDirectoryA
GetVersionExA
IsBadReadPtr
FreeLibrary
lstrcmpA
SetLastError
FlushInstructionCache
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
InitializeCriticalSection
lstrcpynA
lstrcmpiA
HeapFree
GetProcessHeap
HeapAlloc
lstrlenA
HeapReAlloc
GetLastError
lstrcpyA
VirtualQuery
VirtualProtect
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
VirtualAllocEx
LoadLibraryA

user32

wvsprintfA
wsprintfA

advapi32

QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
GetTokenInformation
RegEnumValueA
RegOpenKeyExA
RegCloseKey
ChangeServiceConfigA
CreateServiceA
DeleteService
RegNotifyChangeKeyValue

ole32

CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantInit

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCanonicalizeUrlA
InternetOpenA
InternetQueryDataAvailable
InternetCrackUrlA
InternetSetOptionA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetQueryOptionA
HttpAddRequestHeadersA
HttpQueryInfoA

shlwapi

PathQuoteSpacesA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

ws2_32

shutdown
closesocket
WSAGetLastError
connect
ioctlsocket
htons
htonl
bind
socket
inet_ntoa
getpeername
inet_addr
ntohs
WSAStartup
WSACleanup
gethostbyname
recv
send
ntohl

urlmon

ObtainUserAgentString

Exports

Exports

?unzip@@YAPAXPADPAK@Z
InstallHook
_WorkProc@4
__mp@4

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dd7dc3af8b6ba7f23ac71ce6435551e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

shlwapi

rpcrt4

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 74KB - Virtual size: 74KB

.reloc
Size: 6KB - Virtual size: 6KB