5dd59127dd033c0c67dda7e0cc797aa0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5dd59127dd033c0c67dda7e0cc797aa0_NeikiAnalytics.exe
Size

670KB
MD5

5dd59127dd033c0c67dda7e0cc797aa0
SHA1

77da2257692341383ad1076ac3aa303fceb90575
SHA256

ae61e3f9d68b399eb18f9ff35a1086e6c293d3e238e2699a23e37ba57aec57fb
SHA512

35b8e4afe798219e8bfffa408b82209f135284fea3c81f4d2d55d494a2a63d992bf4fa452ab29a7853c89d9ebe657e12eb14f2abd93738f16ae298050b974762
SSDEEP

12288:sH1+lCFcD1goThydrWUeB+QChZsrwbebPeVmfCUqVfZbdbHF:sVUOoTqy8QCYrLLeYKUML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dd59127dd033c0c67dda7e0cc797aa0_NeikiAnalytics.exe

Files

5dd59127dd033c0c67dda7e0cc797aa0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

9d008fddfe7aba04b6be2a65be7e15b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mspdbsrv.pdb

Imports

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
_purecall
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strncpy_s
malloc
_wpgmptr
memcpy_s
sprintf_s
exit
_snwprintf_s
_wdupenv_s
fclose
_wfopen_s
iswspace
memmove
_wcsicmp
wcstoul
wcschr
free
_wcsdup
_time64
_wctime64
__iob_func
fwprintf
vfwprintf
fflush
wcsncpy_s
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
memset
_crt_debugger_hook

advapi32

RegCloseKey
RegOpenKeyExA
GetTokenInformation
OpenProcessToken
RegQueryValueExA

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
OpenProcess
QueryPerformanceCounter
GetCurrentThread
GetThreadTimes
QueryPerformanceFrequency
SetUnhandledExceptionFilter
SetErrorMode
VirtualQuery
GetModuleFileNameW
OpenEventW
SetPriorityClass
CreateMutexW
CreateEventW
CreateWaitableTimerA
CreateEventA
CreateMutexA
DuplicateHandle
GetCurrentThreadId
GetTickCount
WaitForSingleObject
SetEvent
ReleaseMutex
UnmapViewOfFile
SetWaitableTimer
CancelWaitableTimer
GetCurrentProcess
CreateFileMappingA
MapViewOfFile
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetCommandLineW
CloseHandle
GetLastError
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
CreateProcessA

rpcrt4

RpcBindingInqAuthClientA
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcMgmtStatsVectorFree
RpcMgmtInqStats
NdrServerCall2
NdrClientCall2

mspdbcore

?SetErrorHandlerAPI@PDB@@SAHP6APAUIPDBError@@PAU1@@Z@Z
?CloseAllTimeoutPDB@PDB@@SAHXZ
?OpenValidate4@PDB@@SAHPBGPBDPBU_GUID@@KKPAJPAGIPAPAU1@@Z
?OpenEx2W@PDB@@SAHPBGPBDJPAJPAGIPAPAU1@@Z
?FOpen@MREngine@@SGHPAPAU1@PAUPDB@@PAUNameMap@@HH@Z
?FOpen@MREngine@@SGHPAPAU1@PAUMreToPdb@@HH@Z
?FOpenW@MREngine@@SGHPAPAU1@PBGAAJPAGIHH@Z
?open@NameMap@@SAHPAUPDB@@HPAPAU1@@Z
?ShutDownTimeoutManager@PDB@@SAHXZ
?SetPDBCloseTimeout@PDB@@SAH_K@Z

secur32

GetUserNameExW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d008fddfe7aba04b6be2a65be7e15b7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

advapi32

kernel32

rpcrt4

mspdbcore

secur32

Sections

.text Size: 99KB - Virtual size: 98KB

.data Size: 1KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 568KB - Virtual size: 572KB

.text
Size: 99KB - Virtual size: 98KB

.data
Size: 1KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 568KB - Virtual size: 572KB