aca76f723938c381f5e5d5fa01936f10_NeikiAnalytics[.]exe

General

Target

aca76f723938c381f5e5d5fa01936f10_NeikiAnalytics.exe
Size

76KB
MD5

aca76f723938c381f5e5d5fa01936f10
SHA1

6cc78fd9c75377ccb26d03da5a54a95a2dfdff9b
SHA256

7b3f865423d8e4d160c9e19e7ba58e7674be5712f3d00bd540a2009a8bc71053
SHA512

fcd0b28098417efa251c4bc2475bdbe0865c4b75e9f9a668f75d1d0a62b969cd0b4dba96de6707fc5e55a65dfebf9236dc2ff8d6d3400782c6b153ed648f14c1
SSDEEP

1536:MUcgZQr4maCzDjYqLoDQjtnQah4sBqoJUdFieu/NAx7sGSVT:Bcga1DkqLo8jtnQmFAtsGM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aca76f723938c381f5e5d5fa01936f10_NeikiAnalytics.exe

Files

aca76f723938c381f5e5d5fa01936f10_NeikiAnalytics.exe
.dll .js windows:4 windows x86 arch:x86 polyglot

e63b1a1e31ed2374ce117d40e4e4c269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strchr
RtlTimeToSecondsSince1970
NtQuerySystemTime
sscanf
_itoa
RtlImageDirectoryEntryToData
atol
RtlAdjustPrivilege
strncpy
tolower
_snwprintf
strcat
RtlComputeCrc32
memset
strncmp
vsprintf
strcmp
wcsstr
wcslen
_snprintf
atoi
_memicmp
memcpy
memcmp
strlen
_aullrem

kernel32

FindFirstFileA
InterlockedExchange
LocalAlloc
CreateMutexA
GlobalFree
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualProtect
WideCharToMultiByte
GetCommandLineA
ExitProcess
WriteFile
SetFilePointer
GetCurrentProcessId
VirtualFree
VirtualAlloc
InterlockedDecrement
GetTickCount
Sleep
GetLastError
GetModuleHandleA
InterlockedIncrement
WaitForSingleObject
SetEvent
GetCurrentThread
CreateEventA
ResetEvent
CreateThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OpenProcess
lstrcmpiA
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
FreeLibrary
GetVersionExA
GetProcAddress
FindClose
LoadLibraryA
FindNextFileA
CreateFileA
VirtualQuery
GetCurrentProcess
Process32First
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
RaiseException

Exports

Exports

ImpersonateAsInput
ModuleLoad
ModuleUpdate
SetInputDesktop

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e63b1a1e31ed2374ce117d40e4e4c269

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 4KB - Virtual size: 3KB