11d62a293f13d64b80cd29bc919281a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

11d62a293f13d64b80cd29bc919281a0_NeikiAnalytics.exe
Size

4.6MB
MD5

11d62a293f13d64b80cd29bc919281a0
SHA1

dea6eb84784ad5a9cdafca7e0954ea53ec2e0212
SHA256

da7eef57ef4c59a58aae0da023d8a71d5e29f44d15a58e89253a40a00b811659
SHA512

99ac9a20bcb986fdc0cb14e3e4040533cd182a97e7aa7036d4958eca7bf0e6f1a1a73f19e4e7788d2706d80a7811955f1143cd59937375e965a0b13bbeb2ca3b
SSDEEP

49152:kW5IYb+Jxt3FDrthqhHlXcOOf4JzlOrjdtn8J94GtlqEQNDOxdO32dCRgKM/kyey:KFu3OQJd9oDOxwYGagZc/Gy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11d62a293f13d64b80cd29bc919281a0_NeikiAnalytics.exe

Files

11d62a293f13d64b80cd29bc919281a0_NeikiAnalytics.exe
.dll windows:4 windows x64 arch:x64

499f9ec32b1ca2c39cba4a2bc2503412

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libvlccore

block_Alloc
var_Inherit
vlc_Log
vlc_UrlClean
vlc_UrlParse
vlc_getaddrinfo
vlc_interrupt_register
vlc_interrupt_unregister
vlc_killed
vlc_mutex_destroy
vlc_mutex_init
vlc_mutex_lock
vlc_mutex_unlock
vlc_obj_calloc

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptGetProvParam
CryptReleaseContext
CryptSetHashParam
CryptSetProvParam
CryptSignHashA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
PFXImportCertStore

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileInformationByHandle
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__doserrno
__iob_func
__mb_cur_max
__pioinfo
__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fstat64
_ftime64
_get_osfhandle
_getmaxstdio
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_open_osfhandle
_setjmp
_setmaxstdio
_stricmp
_strnicmp
_ultoa
_unlock
_vsnprintf
_write
abort
atoi
calloc
exit
fclose
ferror
fflush
fgetpos
fgets
fgetwc
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwprintf
fwrite
getc
getenv
getwc
gmtime
islower
isspace
isupper
iswctype
isxdigit
localeconv
localtime
log10
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
raise
realloc
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_vsnwprintf
_time64
_snwprintf
longjmp
_write
_strdup
_setmode
_read
_open
_fileno
_fdopen
_dup2
_close

user32

MessageBoxW

ws2_32

WSARecvFrom
WSASendTo
WSASetLastError
freeaddrinfo
getaddrinfo
getnameinfo
recv
send

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
ntohl
ntohs
select
setsockopt
socket

Exports

Exports

vlc_entry__3_0_0f
vlc_entry_copyright__3_0_0f
vlc_entry_license__3_0_0f

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

499f9ec32b1ca2c39cba4a2bc2503412

Headers

DLL Characteristics

File Characteristics

Imports

libvlccore

advapi32

crypt32

kernel32

msvcrt

user32

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.data Size: 22KB - Virtual size: 21KB

.rodata Size: 512B - Virtual size: 512B

.rdata Size: 769KB - Virtual size: 768KB

.pdata Size: 157KB - Virtual size: 157KB

.xdata Size: 212KB - Virtual size: 212KB

.bss Size: - Virtual size: 26KB

.edata Size: 512B - Virtual size: 167B

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 14KB - Virtual size: 14KB

/4 Size: 512B - Virtual size: 36B

.text
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 22KB - Virtual size: 21KB

.rodata
Size: 512B - Virtual size: 512B

.rdata
Size: 769KB - Virtual size: 768KB

.pdata
Size: 157KB - Virtual size: 157KB

.xdata
Size: 212KB - Virtual size: 212KB

.bss
Size: - Virtual size: 26KB

.edata
Size: 512B - Virtual size: 167B

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 14KB - Virtual size: 14KB

/4
Size: 512B - Virtual size: 36B