60bb0d1446a3a587b86f731aaf092f80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

60bb0d1446a3a587b86f731aaf092f80_NeikiAnalytics.exe
Size

729KB
MD5

60bb0d1446a3a587b86f731aaf092f80
SHA1

cb2a382b048df508787f39bf4d565307a89a1855
SHA256

59bc36795fede2748c9c3f05037ced32dec197044b4a003e9b101d35fc3fef42
SHA512

934f98c100fa4fa106441f602f74e0b3666c6164b1e17bca7e8c696feeb7b147dbf04095b340de6488d124699c1211413e800084032706c3de2bd143180a17b9
SSDEEP

12288:Fw98N9ktzqGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:DN6tztt/sBlDqgZQd6XKtiMJYiPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60bb0d1446a3a587b86f731aaf092f80_NeikiAnalytics.exe

Files

60bb0d1446a3a587b86f731aaf092f80_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

b88724465e5300ab482945b2e7ba1c34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BA\163\b\release\x64\Conduit.Broker.Host.pdb

Imports

oleaut32

SysFreeString
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserUnmarshal64
BSTR_UserFree
SysAllocString

kernel32

MultiByteToWideChar
FreeLibrary
GetConsoleScreenBufferInfoEx
WriteFile
GetFileSize
SetFilePointer
ReadFile
GetStdHandle
GetFileType
SetConsoleTextAttribute
FlushFileBuffers
WriteConsoleW
DecodePointer
DeleteCriticalSection
GetModuleHandleExW
WideCharToMultiByte
CompareStringOrdinal
InitOnceInitialize
InitOnceExecuteOnce
OutputDebugStringW
CloseHandle
GetCurrentProcess
GetModuleFileNameW
SetLastError
GetEnvironmentVariableW
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetLastError
LoadLibraryExW
GetCommandLineW
Sleep
IsDebuggerPresent
GetCurrentProcessId
__C_specific_handler
TlsSetValue
VirtualQuery
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
SleepEx
VirtualProtect
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
FormatMessageW
RtlPcToFileHeader
EncodePointer
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
SetEvent

rpcrt4

Ndr64AsyncClientCall
RpcBindingToStringBindingW
RpcExceptionFilter
NdrServerCallAll
RpcStringBindingParseW
RpcStringFreeW
NdrClientCall3
UuidCreate
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcObjectSetType
RpcServerUseProtseqEpW
RpcBindingInqObject
RpcErrorEndEnumeration
RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcBindingCreateW
RpcBindingFree
RpcBindingBind
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
NdrServerCall2

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_cexit
__p___argv
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
abort
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
_errno
_c_exit
__p___argc

api-ms-win-crt-string-l1-1-0

_wcsnicmp
_wcsdup
_stricmp
wcsnlen
wmemcpy_s
wcscspn
wcsncmp
iswspace
_wcsicmp
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-locale-l1-1-0

__pctype_func
___lc_locale_name_func
setlocale
_lock_locales
___mb_cur_max_func
_unlock_locales
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b88724465e5300ab482945b2e7ba1c34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

kernel32

rpcrt4

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 16B

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 16B

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB