8bcafa8066be46facb507a5ce7f45620_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8bcafa8066be46facb507a5ce7f45620_NeikiAnalytics.exe
Size

2.6MB
MD5

8bcafa8066be46facb507a5ce7f45620
SHA1

b80d189efbfda044948f37d2f22fe1ebf987163c
SHA256

119d7df649d9efdab5ec52ace3ca9658e8e2332d3ab81fc1cb8b83f1e5715574
SHA512

eb743a8de90884943d1198fdb81d4bbfd62e40132424b1d61d86af9c20f9b4ce1fc1bcb357cfd43790910cb5c38521bb951b87398ec891bea2aaf1926516804d
SSDEEP

49152:Qqj6bcSAgHmmpMqHQGAl1JEKTOCkvqadJNFohmkhWNEa3wik6twfs:/jecHc/UnPiiadJNFv/iidSf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bcafa8066be46facb507a5ce7f45620_NeikiAnalytics.exe

Files

8bcafa8066be46facb507a5ce7f45620_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

24537863b58c2f11ca9d2529cfab2db5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\source\source.IC\74199\Release_WDGPU_29\WX\Win32\Release\wd200gpu.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_purecall
_splitpath
_wsplitpath
_lfind
atof
qsort
memcmp
iswspace
_fcvt
_itoa
atoi
_wtoi
strncpy
strcpy
wcstok
_itow
vswprintf
realloc
wcsrchr
memcpy
_wcsnicmp
_wcsicmp
wcscmp
wcscat
strlen
wcscpy
memmove
wcslen
wcsstr
wcschr
malloc
wcsncpy
memset
free
bsearch
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException

kernel32

InterlockedExchange
LocalAlloc
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
CreateMutexW
ProcessIdToSessionId
GetCurrentProcessId
LCMapStringW
GetEnvironmentVariableW
LoadLibraryA
GetEnvironmentVariableA
GetModuleFileNameW
FreeLibrary
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LocalFree
FormatMessageW
InterlockedDecrement
InterlockedExchangeAdd
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CopyFileW
DeleteFileW
GetTickCount
SetLastError
InterlockedIncrement
LoadLibraryW
GetProcAddress
CloseHandle
GetLastError
GetModuleHandleW
SetErrorMode
RaiseException

Exports

Exports

CommandeComposante
DeclareProxy
Execution
InfoComposante
TermLibrary
bInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24537863b58c2f11ca9d2529cfab2db5

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 24KB - Virtual size: 22KB