14292098e81ca875f4bab87a38667a50_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

14292098e81ca875f4bab87a38667a50_NeikiAnalytics.exe
Size

241KB
MD5

14292098e81ca875f4bab87a38667a50
SHA1

f7ddbbea87c344e8ed557cb1a35cca320326e903
SHA256

b272681f3aeb5d9c01857eb04ed47c7450e05a1e9fdcca32de6874d0defef3b4
SHA512

502708e9255c06cd85fb3c55f3633959ac6ce627ce5073418af2b4217289203ed366b6dc2dc6153c68fb256317a3a71d9392650b7083e1b0c60661e49ba54d4b
SSDEEP

3072:4OMRDXVqXEmL5w8hzHj/Xwr5VzjHxPTR8rF1RR40KJVVbAxjBgeEBNF:4OM2EmL5D9OAkJVhAlB1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14292098e81ca875f4bab87a38667a50_NeikiAnalytics.exe

Files

14292098e81ca875f4bab87a38667a50_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

7c64b9ef951f7154644020f220dc9e72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\Work\PeCancer\Versions\pdb\Release\XShell32.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryA
ResumeThread
CloseHandle
SetFilePointer
ReadFile
CreateFileA
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualProtect
MapViewOfFile
GetFileSize
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcess
WriteConsoleA
GetStdHandle
GlobalReAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
LCMapStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
GetModuleHandleA
FormatMessageA
GetTickCount
CreateThread
Sleep
InterlockedExchange
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapAlloc
GetLastError
HeapFree
SetStdHandle
GetFileType
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
DeleteCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar

user32

MessageBoxA
GetSystemMetrics
CreateWindowExA
GetDC
SetWindowRgn
ShowWindow
UpdateWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
SetRect
LoadCursorA
RegisterClassExA
DefWindowProcA
KillTimer
DestroyWindow
BeginPaint
EndPaint
PostQuitMessage
DialogBoxIndirectParamA
GetDlgItem
GetWindowTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowTextA

gdi32

CreateCompatibleDC
GetObjectA
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC
StretchDIBits
CreateDIBitmap

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.more
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c64b9ef951f7154644020f220dc9e72

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.text Size: 115KB - Virtual size: 115KB

.more Size: 1024B - Virtual size: 712B

.edata Size: 84KB - Virtual size: 84KB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 115KB - Virtual size: 115KB

.more
Size: 1024B - Virtual size: 712B

.edata
Size: 84KB - Virtual size: 84KB

.reloc
Size: 40KB - Virtual size: 40KB