4f6814cd2db5b9856513de29c0f12f60_NeikiAnalytics[.]exe

General

Target

4f6814cd2db5b9856513de29c0f12f60_NeikiAnalytics.exe
Size

170KB
MD5

4f6814cd2db5b9856513de29c0f12f60
SHA1

60031ed6fc9e22c83e0bf2a21aa6d148f6dc69fc
SHA256

2f20ed00d541832f0255594c4014e4a32e75ae22d6f1228d40d20436895adb12
SHA512

3faae23afb65852bea634b83b6f27889ff2f3fa76336733172745c943680b50c2e9a2c6e8ef2130ee212b2d35ca34b92a97adfa26baa8d92c55bc198b9c1ca07
SSDEEP

3072:Y8Ris+h/c/boyGIm11I5utVSKJOzDrJmKgl6jVciEWY7TJRLf3ARzjqVc1kDnE0j:3//m11IefJOzDQliEWY7vU8cKVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f6814cd2db5b9856513de29c0f12f60_NeikiAnalytics.exe

Files

4f6814cd2db5b9856513de29c0f12f60_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

39231531cd7f310a6c2e0d84e9e9c3d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
WaitForSingleObject
SetEvent
GetTickCount
CreateThread
CreateEventA
ExitProcess
WinExec
GetTempPathA
FindResourceA
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
OpenMutexA
GetCommandLineW
GetLocalTime
GetCurrentProcess
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SizeofResource
LoadResource
LockResource
GlobalAlloc
lstrcmpiW
lstrcatW
CreateFileW
CloseHandle
lstrlenW
WriteFile
Sleep
DeleteFileW
LoadLibraryA
GetProcAddress
CreateFileA
GetLastError
CopyFileA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeW

user32

wsprintfA

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
QueryServiceStatus
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
CommandLineToArgvW

shlwapi

PathFileExistsA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39231531cd7f310a6c2e0d84e9e9c3d0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 137KB - Virtual size: 137KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 137KB - Virtual size: 137KB