507a9fca3c68131572130997d7321210_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

507a9fca3c68131572130997d7321210_NeikiAnalytics.exe
Size

20KB
MD5

507a9fca3c68131572130997d7321210
SHA1

b5c6b54deb87fa9976053cca54cc006ce0ea844c
SHA256

46250d5b0cf3c50bb94a087f39266542ca8837e266958a92c4aa93ba33f9667c
SHA512

2344aca485bbe58ea3c767a117302a9cc3b57f2a21ec5cf35562eb3cdf4dff59994a5883fe547df7158011db7636fd3a37076148c036e315bf45eb54d2925b46
SSDEEP

384:lUM8KbCgj5DOn8NLiM54Ei3swyNIuJfPI77w/p3hQCKX0sE9tHl:lZbeS5QfE47o3qErHl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
507a9fca3c68131572130997d7321210_NeikiAnalytics.exe

Files

507a9fca3c68131572130997d7321210_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

16451286810d3f927b4182658ef7f82a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

O:\ugnx755\ip4\wntx64\pdb\nldmgr___131832726064.pdb

Imports

libsyss

?SYS_init_cmain@@YAHHPEAPEAD@Z
?ARG_get_switch@@YAPEBDPEBDHPEAH@Z
?ARG_get_count@@YAHXZ
?ARG_get_argument@@YAPEBDH@Z
?SM_realloc@@YAPEAXPEAX_K@Z
?TEXT_format_string@@YAPEAUTEXT_s@@PEBDZZ
?SM_alloc_persistent@@YAPEAX_K@Z
?CFI_read_line@@YAHHPEAPEAD@Z
?NAT_read_header@@YAHHPEAUMACH_representation_s@@PEAUNAT_file_header_s@@@Z
?CFI_write_line@@YAHHPEBD@Z
?NAT_read_indextable@@YAHHPEAUMACH_representation_s@@PEAUNAT_file_header_s@@PEAPEAUNAT_indextable_s@@@Z
?MACH__checking_level@@3HA
?NAT_read_text@@YAHHPEAUMACH_representation_s@@PEAUNAT_file_header_s@@PEAUNAT_indextable_s@@PEAPEAD@Z
?SM_sprintf@@YAPEADPEBDZZ
?SM_alloc@@YAPEAX_K@Z
?TEXT_create_string@@YAPEAUTEXT_s@@PEBD@Z
?TEXT_to_locale_sized@@YAHPEAPEADPEBUTEXT_s@@H@Z
?TEXT_free@@YAXPEAUTEXT_s@@@Z
?CFI_close_file@@YAHPEAHH@Z
?MACH_ask_local_byte_order@@YAHXZ
?fm1220@@YAXPEBH000PEAH@Z
?NAT_open_file@@YAHPEBDHPEAH@Z
?CFI_open_file@@YAHPEBDHHHPEAH@Z
?CFI_get_error_text@@YAPEADH@Z
?SM_free@@YAXPEAX@Z

msvcr90

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_cexit
_exit
printf
isspace
fgets
__iob_func
strncpy
bsearch
isdigit
qsort
sscanf
exit
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16451286810d3f927b4182658ef7f82a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libsyss

msvcr90

kernel32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 200B

.pdata Size: 512B - Virtual size: 480B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 200B

.pdata
Size: 512B - Virtual size: 480B

.rsrc
Size: 1KB - Virtual size: 1KB