29624efe0dba10e5fef2527fef3ae450_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

29624efe0dba10e5fef2527fef3ae450_NeikiAnalytics.exe
Size

150KB
MD5

29624efe0dba10e5fef2527fef3ae450
SHA1

b9a54b696176d10b0387734b8e75bbc304e37f31
SHA256

523d411cc6cf6262fb5db0b6752ac84c4bbf450b45c6d0689ae338a390a357d3
SHA512

105ba7e729ebea3d965037a7210bcdbaa0a582142e96327aaee650e92d367f958877d92ff75c9e368e245d7edfe15c0e9e732f1c48225800926eb391d89af01b
SSDEEP

3072:0GQiNbpkKpTngIgsgV1rxexnhXB2X2lQBV+UdE+rECWp7hKo01/:vxntgsgPSXyBV+UdvrEFp7hKoW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29624efe0dba10e5fef2527fef3ae450_NeikiAnalytics.exe

Files

29624efe0dba10e5fef2527fef3ae450_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

21a02800eff6e6117ba5506313b6651b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\waffle\branches\se_leo\3_develop\lm\src_b\objfre_wnet_x86\i386\OK720LM.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
_errno
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
swprintf
floor
ceil
wcsrchr
_isatty
wcsncpy
wcsncmp
_wcsicmp
memset
memcpy

kernel32

EnterCriticalSection
VerSetConditionMask
LeaveCriticalSection
GetVersionExW
GetTempPathW
InitializeCriticalSection
WaitForSingleObject
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
WritePrivateProfileStringW
GetFileAttributesW
LocalFree
GetLocalTime
OutputDebugStringA
GetTempFileNameW
CreateFileW
WriteFile
GetSystemDirectoryW
lstrcmpiW
GetCurrentThread
GetExitCodeProcess
CreateThread
GetSystemTime
GlobalReAlloc
SetFilePointer
GetFileSize
ReadFile
DeleteFileW
Sleep
VerifyVersionInfoW
CloseHandle
DisableThreadLibraryCalls
GetLastError
GlobalAlloc
GlobalFree
SetLastError
GetTickCount

advapi32

CreateProcessAsUserW
DuplicateTokenEx
OpenThreadToken
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

MessageBoxW
wsprintfW
LoadStringW

spoolss

ClosePrinter
SetJobW
GetPrinterW
GetPrinterDataW
GetPrinterDataExW
SetPrinterDataW
GetJobW
OpenPrinterW

shell32

SHCreateDirectoryExW

wtsapi32

WTSEnumerateSessionsW
WTSSendMessageW
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

pfousup

RtouCloseServer
RtouCloseSession
RtouSendMessage
RtouCloseMessage
RtouResponseMessage
RtouOpenSessionByAddrW
RtouSetMessageCallback
RtouInitServerW

Exports

Exports

DllMain
InitializePrintMonitor2

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21a02800eff6e6117ba5506313b6651b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

spoolss

shell32

wtsapi32

userenv

pfousup

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 2KB