26e6c31d556ac8b9b2454e6d6c4827a0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

26e6c31d556ac8b9b2454e6d6c4827a0_NeikiAnalytics.exe
Size

132KB
MD5

26e6c31d556ac8b9b2454e6d6c4827a0
SHA1

9fd62e3dc2cafd2a817e9cd465fe39bd1f18eda9
SHA256

937341072423823d63296b4b77727cda8e9af251735b6a7372a58cd160d50d38
SHA512

525021bcf40580b58317a84bd87b3ee9b95befa921f784e9409d4b200936bfb9625096745a201b9522313fcba331e677195d2ea31b50e6995eef9386f0bafc73
SSDEEP

3072:k6CHe2+ntOFi3h1zaqi3uO/hQJ7P2HDX/FUc:dC+5O03hxNkuEhQJ7+z/Fd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e6c31d556ac8b9b2454e6d6c4827a0_NeikiAnalytics.exe

Files

26e6c31d556ac8b9b2454e6d6c4827a0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

cb4181b1e7d653c9669a2666e3586e4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetVolumeInformationA
DeleteFileA
CreateFileA
GetDriveTypeA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleFileNameW
VirtualProtect
LockResource
SizeofResource
LoadResource
FindResourceA
CreateProcessW
lstrcatW
lstrcpyW
GetProcessHeap
GetModuleFileNameA
ExitProcess
GetLastError
CreateMutexA
SetLastError
GetCommandLineA
FindFirstFileA
SetThreadContext
GetThreadContext
GetModuleHandleA
GetCommandLineW
GetTickCount
VirtualQuery
VirtualFreeEx
HeapFree
HeapAlloc
IsBadReadPtr
MoveFileExA
GetTempPathA
SetCurrentDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
CreateProcessA
TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetVersionExA
WideCharToMultiByte
lstrcmpA
lstrcpyA
MoveFileA
SetFileAttributesA
GetFileAttributesA
CopyFileA
MultiByteToWideChar
FindNextFileA
LoadLibraryA
GetProcAddress
SetFileAttributesW
DeleteFileW
CreateFileW
lstrlenA
CloseHandle
ResumeThread
Sleep

user32

wsprintfA
DestroyWindow
DispatchMessageA
PostQuitMessage
DefWindowProcA
RegisterDeviceNotificationA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
CharLowerA
FindWindowExA
GetDesktopWindow
UnregisterDeviceNotification

advapi32

RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
InitiateSystemShutdownExA
RegCloseKey

shell32

SHGetFolderPathW
SHGetFolderPathA

ole32

CoCreateInstance
CoUninitialize
CLSIDFromString
CoCreateGuid

shlwapi

StrChrA
StrRChrA
StrStrA

rpcrt4

UuidToStringA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4181b1e7d653c9669a2666e3586e4a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

rpcrt4

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 4KB - Virtual size: 1KB