29a881c52bd38eacda89b7ab6b1522b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

29a881c52bd38eacda89b7ab6b1522b0_NeikiAnalytics.exe
Size

247KB
MD5

29a881c52bd38eacda89b7ab6b1522b0
SHA1

56e040ebf44b0742690eef326677173976282d15
SHA256

1db64b39edb924128844b8f9e858df927416cb02b59bdaeb10b3e608e2a9769c
SHA512

c0c04ff2658904adbeb4362d6b9e2b965932fb8bc15b58ea8e0837238333d010c0c243be6506b911a6a496d8d483f92deb9863c3e66f87459a56482ea3e03f3f
SSDEEP

6144:i0xuoKMLKv07hYLmZx85Pxp0ZOIqju6tE:izoK5giLmyZp0V2C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a881c52bd38eacda89b7ab6b1522b0_NeikiAnalytics.exe

Files

29a881c52bd38eacda89b7ab6b1522b0_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

6605e5e244b3e492cf5f76cf5499f914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptUnprotectData
CryptProtectData
CryptStringToBinaryA
CertFreeCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
CertCreateCertificateContext
CertFindCertificateInStore

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

lstrlenW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
GlobalAlloc
TerminateProcess
GlobalFree
GlobalLock
GlobalUnlock
GetFileAttributesW
FormatMessageW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
GetCurrentProcess
PeekNamedPipe
GetOverlappedResult
GetProcAddress
CancelIo
CreateEventW
SetNamedPipeHandleState
lstrlenA
WriteConsoleW
LoadLibraryW
GetCPInfo
FreeLibrary
Sleep
WaitForSingleObject
WriteFile
GetFileSize
GetFileType
MultiByteToWideChar
SetLastError
LocalAlloc
GetACP
WideCharToMultiByte
LocalFree
CloseHandle
GetLastError
SystemTimeToTzSpecificLocalTime
ReadFile
FileTimeToSystemTime
CreateFileW
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
HeapReAlloc
GetThreadLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
ResetEvent
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
TlsFree
FlsFree
GetCurrentThreadId
FlsAlloc
LCMapStringA
LCMapStringW

user32

wsprintfW
CharUpperBuffW

advapi32

FreeSid
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceConfigW
QueryServiceConfig2W
StartServiceW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CLSIDFromString
StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoSetProxyBlanket
CoInitialize

oleaut32

SysAllocStringByteLen
VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringByteLen

shlwapi

SHDeleteKeyW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6605e5e244b3e492cf5f76cf5499f914

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

psapi

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 176B