80161123c6d3442496a5a1679d6c5be0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

80161123c6d3442496a5a1679d6c5be0_NeikiAnalytics.exe
Size

49KB
MD5

80161123c6d3442496a5a1679d6c5be0
SHA1

45e07941aac06031cde0b2bdfa80316d47d0f741
SHA256

6ee3152445cf3e99f8aa1eab3be346ee5d835ae0516fd0d7f8cee6836c5af5c5
SHA512

b3437af5feb3823310e5a55856f041f9b727ee8051dff10507751159cee28ef2ab8d22bedd9e4109e4b6ab0f893d586eae2e57984a06ff908cf00c25d46337df
SSDEEP

768:y1n4Lu+m0uZKDxc+jF5CFAXrnA17woDEKT58e7yXjefRSeKulOJ:y1Hb0uMJmmrn9oAKTsje5SBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80161123c6d3442496a5a1679d6c5be0_NeikiAnalytics.exe

Files

80161123c6d3442496a5a1679d6c5be0_NeikiAnalytics.exe
.dll .vbs windows:4 windows x64 arch:x64 polyglot

d0b7164a05d515b2fd770c7d37dce0a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

perl520

PL_charclass
PL_memory_wrap
Perl_block_gimme
Perl_croak
Perl_croak_nocontext
Perl_newSV
Perl_newSViv
Perl_newSVnv
Perl_newSVpv
Perl_newSVpvn
Perl_newSVpvn_flags
Perl_newXS
Perl_safesysfree
Perl_safesysmalloc
Perl_safesysrealloc
Perl_stack_grow
Perl_sv_2bool_flags
Perl_sv_2iv_flags
Perl_sv_2mortal
Perl_sv_2pv_flags
Perl_sv_grow
Perl_sv_magic
Perl_sv_mortalcopy_flags
Perl_sv_newmortal
Perl_sv_setiv
Perl_sv_setpv
Perl_sv_setpvn
Perl_sv_upgrade
Perl_warn_nocontext
Perl_xs_apiversion_bootcheck
Perl_xs_version_bootcheck

advapi32

AbortSystemShutdownA
AdjustTokenPrivileges
GetUserNameA
GetUserNameW
InitiateSystemShutdownA
IsValidSid
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExW

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindClose
FindFirstFileA
FindFirstFileW
FormatMessageA
FreeLibrary
GetACP
GetComputerNameA
GetConsoleCP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetLastError
GetModuleHandleA
GetOEMCP
GetProcAddress
GetShortPathNameA
GetShortPathNameW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCP
SetConsoleOutputCP
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__iob_func
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcpy
signal
sprintf
strcpy
strlen
strncmp
strrchr
toupper
towupper
vfprintf
wcscpy
wcslen

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

user32

GetActiveWindow
GetSystemMetrics
MessageBoxA
MessageBoxW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

_boot_Win32
boot_Win32

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0b7164a05d515b2fd770c7d37dce0a9

Headers

File Characteristics

Imports

perl520

advapi32

kernel32

msvcrt

ole32

user32

version

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 5KB - Virtual size: 5KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 96B

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 72B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 5KB - Virtual size: 5KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 96B

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.reloc
Size: 512B - Virtual size: 48B