8d9d1ca11a808190ec271c255b5acaa0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8d9d1ca11a808190ec271c255b5acaa0_NeikiAnalytics.exe
Size

141KB
MD5

8d9d1ca11a808190ec271c255b5acaa0
SHA1

07a4bc37d047e978cf31fdc98960b9f4b9160e79
SHA256

98f675647cdb6167679d1ee67fa98c0d02f3726e5532a3efa8ff85f9191f972a
SHA512

ff7a2a6e2daf2eda109d27d79154bc4c5f93a4c3d663740dcec1e0eac67521f68b16ae95417bae929fab5e00cf46d7eb3ecaec9053582c16ad7f3ebfc8f0f4f2
SSDEEP

1536:eGBDmmuTxwoZQVJyD0Oeo3Ksr449lVn8bN:eXhTNZQ1GDZlREN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d9d1ca11a808190ec271c255b5acaa0_NeikiAnalytics.exe

Files

8d9d1ca11a808190ec271c255b5acaa0_NeikiAnalytics.exe
.dll windows:4 windows x64 arch:x64

a0257aa5859d8eaefbddb2355258cd35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

combase

WindowsCompareStringOrdinal
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer

kernel32

DisableThreadLibraryCalls
GetLocaleInfoEx
GetModuleHandleW
GetUserDefaultGeoName
GetProcAddress
GetTickCount
GetUserDefaultLocaleName
HeapAlloc
HeapReAlloc
IsBadStringPtrW
QueryPerformanceCounter
QueryPerformanceFrequency

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
calloc
free
fwrite
getenv
malloc
memcmp
memmove
memset
strchr
strcmp
strcspn
strlen
wcscmp
wcscpy
wcslen

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0257aa5859d8eaefbddb2355258cd35

Headers

DLL Characteristics

File Characteristics

Imports

combase

kernel32

ntdll

ucrtbase

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 672B

.rodata Size: 4KB - Virtual size: 20B

.rdata Size: 12KB - Virtual size: 9KB

.pdata Size: 4KB - Virtual size: 1KB

.xdata Size: 4KB - Virtual size: 1KB

.edata Size: 4KB - Virtual size: 160B

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 204B

.text
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 672B

.rodata
Size: 4KB - Virtual size: 20B

.rdata
Size: 12KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 1KB

.xdata
Size: 4KB - Virtual size: 1KB

.edata
Size: 4KB - Virtual size: 160B

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 204B