2dba80d45f2d567ae04f915fd9c62320_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2dba80d45f2d567ae04f915fd9c62320_NeikiAnalytics.exe
Size

1.0MB
MD5

2dba80d45f2d567ae04f915fd9c62320
SHA1

dabf19430f8b01d66b0b6094e28b9e0b87ed2185
SHA256

c784b2680558c4d973de2570f54e2588b92e067fa8b581199e567b3b7b5eac3b
SHA512

04cddf8e0f290f8017e16ecf344137cf21cce2f758d029ff7c1ce6f1e6a90d668eabf4668cb8c206b475573b81be2736333ba2db63201e0cc0bbc1e2e30c6bbe
SSDEEP

12288:zImm5tbBxfe6qlX9YkIJJ96w0SW05cZ6YSDWmnM4hmpBUmpbU00BvliIKcaU:A5JBFeoX96w0SW059nJhc50v95aU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dba80d45f2d567ae04f915fd9c62320_NeikiAnalytics.exe

Files

2dba80d45f2d567ae04f915fd9c62320_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

849ce44397b8fdf20f0d566562d6ca70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bafl

ord230
ord237
ord236
ord244
ord232
ord231
ord6
ord44
ord266
ord256
ord268
ord277
ord275
ord258
ord78
ord64
ord262

devmancli

ord36
ord26
ord44
ord63
ord65
ord28
ord40
ord34
ord32
ord73
ord51
ord62
ord72
ord75
ord71
ord69

devmancmdmgr

ord32
ord5
ord13
ord25
ord34
ord4

ecom

ord22

efsrv

ord174
ord228
ord58
ord105
ord11
ord54
ord104
ord37
ord50
ord124
ord12
ord4
ord53
ord16
ord212
ord230
ord70
ord260
ord185
ord113
ord214
ord69
ord268
ord111
ord140
ord204
ord26

estor

ord386
ord391
ord412
ord431
ord429
ord411
ord506
ord525
ord523
ord505
ord75
ord105
ord104
ord246
ord245
ord353
ord344
ord544
ord318
ord53
ord546
ord70
ord316
ord430
ord524
ord303
ord248
ord343
ord428
ord521
ord17
ord516
ord16
ord420
ord101
ord440
ord125
ord454
ord480
ord161
ord122
ord400
ord377
ord393
ord354
ord314
ord376
ord446
ord491
ord44
ord441
ord518
ord365
ord366
ord383
ord452
ord384
ord357
ord107
ord46
ord48

euser

ord1366
ord503
ord1330
ord365
ord198
ord100
ord57
ord1474
ord1317
ord526
ord1459
ord430
ord620
ord1613
ord788
ord102
ord1112
ord1367
ord1368
ord1335
ord74
ord353
ord742
ord1113
ord1329
ord355
ord914
ord237
ord1334
ord242
ord1100
ord1615
ord1460
ord787
ord556
ord721
ord187
ord1703
ord1168
ord1722
ord1723
ord976
ord1062
ord369
ord1425
ord1117
ord1188
ord351
ord352
ord840
ord147
ord429
ord619
ord1424
ord368
ord38
ord451
ord1457
ord874
ord1143
ord555
ord1139
ord438
ord1726
ord1798
ord374
ord1033
ord579
ord893
ord144
ord1023
ord1324
ord1174
ord417
ord1238
ord723
ord376
ord356
ord36
ord321
ord216
ord585
ord332
ord1670
ord488
ord214
ord34
ord1663
ord1231
ord185
ord1371
ord657
ord1422
ord838
ord1485
ord750
ord845
ord759
ord1487
ord1493
ord749
ord145
ord10
ord1052
ord1431
ord1656
ord1429
ord1806
ord1219
ord1804
ord569
ord1312
ord956
ord958
ord1402
ord1401
ord1785
ord1790
ord1789
ord1502
ord1760
ord772
ord529
ord35
ord215
ord1232
ord1507
ord327
ord328
ord79
ord594
ord84
ord1029
ord425
ord1423
ord846
ord728
ord628
ord146
ord944
ord139
ord48
ord514
ord47
ord524
ord522
ord28
ord209
ord601
ord1212
ord600
ord73
ord843
ord934
ord1210
ord520
ord1282
ord414
ord868
ord1475
ord78
ord1189
ord1389
ord1048
ord1360
ord183
ord1223
ord1244
ord1236
ord1242
ord1570
ord1751
ord1345
ord774
ord363
ord525
ord716
ord49
ord705
ord667
ord1237
ord722
ord370
ord1765
ord1631
ord1515
ord1032
ord891
ord1584
ord101
ord1574
ord864
ord323
ord138
ord4
ord928
ord1627
ord1027
ord1917
ord825
ord995
ord470
ord3
ord5

flogger

ord2
ord1
ord4
ord5
ord9
ord19
ord21

inetprotutil

ord167
ord87
ord51
ord89
ord197
ord10
ord155
ord175
ord95
ord137
ord177
ord193
ord173
ord71

kernel32

ExitProcess
IsBadReadPtr
RtlUnwind
RaiseException
TlsAlloc
InitializeCriticalSection
TlsFree
TlsGetValue
GetLastError
GetProcessHeap
HeapAlloc
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
HeapFree
GlobalAlloc
GlobalFree
SetFilePointer
WriteFile
CloseHandle
ReadFile
DeleteFileA
DeleteCriticalSection

user32

MessageBoxA

Exports

Exports

_E32Startup

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYMBIAN
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

849ce44397b8fdf20f0d566562d6ca70

Headers

File Characteristics

Imports

bafl

devmancli

devmancmdmgr

ecom

efsrv

estor

euser

flogger

inetprotutil

kernel32

user32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 28KB - Virtual size: 25KB

.exc Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 9KB

.CRT Size: 4KB - Virtual size: 68B

.SYMBIAN Size: 4KB - Virtual size: 48B

.idata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 8KB

.edata Size: 4KB - Virtual size: 79B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 28KB - Virtual size: 25KB

.exc
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 9KB

.CRT
Size: 4KB - Virtual size: 68B

.SYMBIAN
Size: 4KB - Virtual size: 48B

.idata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 8KB

.edata
Size: 4KB - Virtual size: 79B

.reloc
Size: 12KB - Virtual size: 11KB