bc2fe0675ab72a7685d997c133ea3000_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bc2fe0675ab72a7685d997c133ea3000_NeikiAnalytics.exe
Size

9.1MB
MD5

bc2fe0675ab72a7685d997c133ea3000
SHA1

9c515e492f0566eb9e569dff2921c9dad75e758f
SHA256

2e8e68566c4a10693cb98b3831327d755c5ed02da87d80b913bd2ca8cba5f9e5
SHA512

763655ca1bdab1a9ceb11fab931a20e3a3f408af8cd8f11e023ba8ca27314a42b8844bff12249089caf86ea2d4fb18315b7fc033f3d4c1f0d4a15727281a27f4
SSDEEP

196608:WwUpXLzIc5SAhDeHNY3ubOuuIubf/jT2dfyc/yN/smH+:WwGXLzeAJeHmpuuhz//6amyN/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc2fe0675ab72a7685d997c133ea3000_NeikiAnalytics.exe

Files

bc2fe0675ab72a7685d997c133ea3000_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

44bba91bbe0dbbf7ddda1aaeca21a456

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Company\PCProject\Common\Temp\Release\DongFangInstallSilent.pdb

Imports

shlwapi

PathFileExistsW

kernel32

LoadLibraryW
GetCurrentProcess
DeleteFileW
Sleep
CloseHandle
WriteFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
GetTempPathW
CreateDirectoryW
MultiByteToWideChar
GetTickCount
CreateProcessW
WaitForSingleObject
GetLastError
GetProcAddress
MoveFileExW
FormatMessageW
CreateMutexW
ReleaseMutex
CreateThread
GetFullPathNameA
GetFileInformationByHandle
ExitThread
FindFirstFileA
GetDriveTypeA
FreeLibrary
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileStringW
WritePrivateProfileStringW
AreFileApisANSI
WideCharToMultiByte
GetCurrentDirectoryA
TlsSetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
MoveFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsFree
SetLastError
GetCurrentThreadId
ReadFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetACP
GetOEMCP
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
CreateFileA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
OleUninitialize

ws2_32

sendto
recvfrom
recv
listen
getservbyport
select
ioctlsocket
gethostname
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
__WSAFDIsSet
send
socket
closesocket
WSAGetLastError
WSAStartup
WSACleanup
accept

wldap32

ord14
ord145
ord216
ord208
ord26
ord133
ord127
ord142
ord79
ord147
ord167
ord301
ord27
ord41
ord46
ord118

Sections

.text
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44bba91bbe0dbbf7ddda1aaeca21a456

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

advapi32

shell32

ole32

ws2_32

wldap32

Sections

.text Size: 344KB - Virtual size: 342KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 16.7MB - Virtual size: 16.7MB

.text
Size: 344KB - Virtual size: 342KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16.7MB - Virtual size: 16.7MB