2ae149d62d4d3aa458e4cfd295a968e0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2ae149d62d4d3aa458e4cfd295a968e0_NeikiAnalytics.exe
Size

103KB
MD5

2ae149d62d4d3aa458e4cfd295a968e0
SHA1

3d0ef1ce420ddac07fdc8ba8d111017aa397835c
SHA256

f85bad859c0c7a4311f6839148c87716e05bc2fa79efe22da323c46af3d43cbf
SHA512

f19e6fd3044867ccd11becb109abeabaaba8af509d7fcf90d6f23d1966fb3947dd73d5de115184cb86df1aa2ff6cab970eeaf566859305f2d57e7db04a4999ae
SSDEEP

1536:VypIGWGgQumiEgC9961zYyhxysVeBc58bDEDBC2JfpLMam:VypXXgBmfgWBc58bD0827Mam

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ae149d62d4d3aa458e4cfd295a968e0_NeikiAnalytics.exe

Files

2ae149d62d4d3aa458e4cfd295a968e0_NeikiAnalytics.exe
.exe regsvr32 windows:4 windows x86 arch:x86

39778c75c68320155bd8955b8c0d0564

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerA
wsprintfA

kernel32

GetFileSize
GetLastError
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenFileMappingA
GetCurrentProcess
SetEvent
FlushViewOfFile
GetCurrentProcessId
SetFileAttributesA
SetFilePointer
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
GetCommandLineW
lstrcpyA
lstrcpynA
lstrlenA
CreateEventA
CloseHandle
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
EnterCriticalSection
DeleteFileA
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
SetErrorMode
ReadFile
ResumeThread
lstrcmpiA
GetFileAttributesA
FileTimeToDosDateTime
GetModuleFileNameW
GetFileTime

msvcrt

strstr

imagehlp

CheckSumMappedFile

ole32

CoTaskMemFree
CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoRegisterClassObject
IsEqualGUID

shell32

CommandLineToArgvW

advapi32

CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegSetValueA
RegSetValueExA
SetServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CryptAcquireContextA
RegDeleteValueA

ws2_32

ioctlsocket
inet_ntoa
htons
socket
send
gethostbyname
connect
closesocket
WSAStartup
WSAGetLastError
htonl
recv
select
inet_addr

shlwapi

PathFindFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39778c75c68320155bd8955b8c0d0564

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

imagehlp

ole32

shell32

advapi32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 22KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 22KB

.reloc
Size: 2KB - Virtual size: 2KB