a3ac10a3a7e88457f77cc6c8cf1a9d00_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a3ac10a3a7e88457f77cc6c8cf1a9d00_NeikiAnalytics.exe
Size

80KB
MD5

a3ac10a3a7e88457f77cc6c8cf1a9d00
SHA1

60cd20ae059e3b5b769431472b412c810d57bc8a
SHA256

70bdc42adb08929a8341c21e2767254f532d6bf74a43852792e52e1b8088411f
SHA512

7d3965d665e04ab73b80ce747cdb87d385ad024bb05c9b0100469017c24e5a27521a892d1c193536740fc8b6a462eb34cfa4b16f4b74352e21b5dc49c94a48e8
SSDEEP

768:XjIrKY+iW/Vlge2sQtTNXzIIdWAodYhy1hm8QBg/muYb7bIgq:TIrKTplgKgx2AodqyXz8g+XXlq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3ac10a3a7e88457f77cc6c8cf1a9d00_NeikiAnalytics.exe

Files

a3ac10a3a7e88457f77cc6c8cf1a9d00_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

4c2b420239cd853e52de369011acb266

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
GetLastError
CreateFileMappingA
SetLastError
lstrcatA
lstrcpyA
UnmapViewOfFile
WaitForMultipleObjects
GetVersionExW
FindClose
FindNextFileW
SetFileAttributesW
lstrcmpiW
FindFirstFileW
GetFileSize
CreateFileW
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
MoveFileW
lstrcmpW
GetDriveTypeW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
GetComputerNameW
MoveFileExW
Sleep
SetCurrentDirectoryW
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
LoadLibraryA
lstrcpyW
WriteProcessMemory
VirtualAllocEx
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
DuplicateHandle
GetCurrentProcessId
VirtualFreeEx
VirtualFree
VirtualAlloc
VirtualQuery
GetProcessVersion
CreateMutexA
GetFileAttributesExW
GetModuleFileNameW
CreateEventW
ReadFile
InitializeCriticalSection
GetCurrentProcess
GetVersionExA
SetFilePointer
CreateDirectoryW
LockFile
GetCurrentThread
GetQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcmpiA
lstrcatW
ResetEvent
CreateEventA
lstrlenW
WaitForSingleObject
TerminateProcess
TerminateThread
UnlockFile
CloseHandle
DeleteFileW
CopyFileW
SetEvent
ExitProcess
ExitThread
CreateThread
GetModuleHandleA
GetProcAddress
CreateRemoteThread
SetUnhandledExceptionFilter

user32

GetWindowThreadProcessId
wsprintfA
GetShellWindow
CharLowerW
wsprintfW

advapi32

AdjustTokenPrivileges
GetUserNameW
RegNotifyChangeKeyValue
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegDeleteValueW
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid

shlwapi

StrStrW
StrCmpNIW
StrChrW
PathRemoveArgsW
PathFindFileNameW
StrRChrW

ws2_32

closesocket
WSAStartup
WSARecvFrom
htons
WSASocketW
WSASendTo
WSAGetLastError

dnsapi

DnsRecordListFree
DnsQuery_A

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c2b420239cd853e52de369011acb266

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

dnsapi

wininet

Sections

.text Size: 40KB - Virtual size: 39KB

code Size: 8KB - Virtual size: 7KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

code
Size: 8KB - Virtual size: 7KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB