2a42795c38efafb4e4a778af3578a2d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2a42795c38efafb4e4a778af3578a2d0_NeikiAnalytics.exe
Size

699KB
MD5

2a42795c38efafb4e4a778af3578a2d0
SHA1

cae1d85c0da7ed130a5bd2fc6fbf9cccb94b2b1a
SHA256

4ab3f737ba5ddf6d8d9b5fdcb1cd67027ceba66836986b76ae2fe44f8b1b5406
SHA512

57ac92f579ecd63785c4e12b8c8295688a2cf4ed9c78911703cf72dbad6020cf9ef7ec677a02f47f3f0627ccbff7b22de3c321d509f6d48d24da6534a17b07c2
SSDEEP

12288:0DG3tEGlJKQ1uBeAMlwesHU8wqy2VYCIbvpOBlU1RlgIDMCZgjtGlxHZ9/I:YGa1SwPHU8X31PfU17DhZy0lxHZ9/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a42795c38efafb4e4a778af3578a2d0_NeikiAnalytics.exe

Files

2a42795c38efafb4e4a778af3578a2d0_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

bd4b220ae7a320ea5953b0a038419700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

muirct.pdb

Imports

advapi32

IsTextUnicode

kernel32

CreateDirectoryW
SizeofResource
LocalAlloc
GetFileAttributesW
SetFileAttributesW
GetLastError
LockResource
DeleteFileW
HeapSetInformation
LoadResource
LocalFree
FreeLibrary
CopyFileW
LoadLibraryExW
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
FormatMessageW
GetFullPathNameW
EnumResourceTypesW
WriteFile
EnumResourceNamesW
CreateFileW
GetVersionExW
UnmapViewOfFile
CloseHandle
EnumResourceLanguagesW
LoadLibraryW
FindResourceExW
UpdateResourceW
GetProcAddress
GetModuleHandleW
BeginUpdateResourceW
CreateFileMappingW
MapViewOfFile
ReadFile
GetFileSizeEx
MultiByteToWideChar
GlobalUnlock
_lclose
GetTempFileNameW
_lread
MoveFileExW
GlobalLock
GlobalFree
_llseek
GetTempPathW
SetLastError
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
_lwrite

msvcrt

_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
??1type_info@@UAE@XZ
_controlfp
bsearch
__wgetmainargs
exit
_amsg_exit
__p__commode
_XcptFilter
__set_app_type
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
__CxxFrameHandler
wcsncpy
__iob_func
_errno
wcsncmp
towupper
_wcsnicmp
wcsstr
strncmp
strtoul
wcschr
toupper
towlower
_vsnwprintf
malloc
free
fwprintf
vfwprintf
wcsrchr
_purecall
wcstoul
_wcsicmp
_exit
memcmp

imagehlp

MapFileAndCheckSumW

bcrypt

BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptCreateHash

user32

CharLowerW

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlUnwind

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd4b220ae7a320ea5953b0a038419700

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

imagehlp

bcrypt

user32

ntdll

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 572KB - Virtual size: 576KB