2295da6e3ea00f99667998034680b930_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2295da6e3ea00f99667998034680b930_NeikiAnalytics.exe
Size

40KB
MD5

2295da6e3ea00f99667998034680b930
SHA1

c445482b086ba95e4153178ce7adf15fc162dca3
SHA256

3579324baa3fb84a5be84dcebd63f72263b97bf802388a9e206d56e92d369a87
SHA512

d01dfdaeda5e48c07d4a5329f0ef86837d813be17dfec8dde7ec34adddd6e6718d7b7e131c09a05aa837b8f07b512163b9a3a783a007cbadb70e4f211c0d580e
SSDEEP

768:zKb5QnWTGkp6PeB5Ekl2GnR8S+P7zt3rtW207EJ3JjfzjP+:zKb2eGeB4GnR8D5pW26O3J3+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2295da6e3ea00f99667998034680b930_NeikiAnalytics.exe

Files

2295da6e3ea00f99667998034680b930_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

5029b55217cc933d91d71092466fedfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

hal

KeReleaseSpinLock

ntoskrnl.exe

ExAllocatePool
ExFreePool
IoCreateDevice
IoDeleteSymbolicLink
KeCancelTimer
KeGetCurrentThread
PsGetCurrentProcess
PsGetCurrentThread

Sections

.text
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ