47d24deb3a7337da28414c16e1a5b910_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

47d24deb3a7337da28414c16e1a5b910_NeikiAnalytics.exe
Size

772KB
MD5

47d24deb3a7337da28414c16e1a5b910
SHA1

b1a70d27aa6b590e27536c41170de2ead0e1ef95
SHA256

b45ccf28a3924e321a3eaf4600ee120ca3fe6a77485718a9e1bb63a7a27f00a5
SHA512

ce6adbcc51283886be875005581bba296b9bc7822916aa27d0513afb02cf85dd744b01e951b1a0aa4c599dad6c19c39bfd8e485eb5026c0c2751d91d3efcf6d3
SSDEEP

12288:8OupICxVoImY+lCFcD1goThydrWUeB+QChZsrwbebPeVmfCUqVfZbdbHF:8OuICaYUOoTqy8QCYrLLeYKUML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d24deb3a7337da28414c16e1a5b910_NeikiAnalytics.exe

Files

47d24deb3a7337da28414c16e1a5b910_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

8d1b0417fa095d60f301dfa6b154dd3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vsta.pdb

Imports

kernel32

SetFileAttributesW
CreateFileW
GetFileSize
GetFileAttributesW
MapViewOfFile
UnmapViewOfFile
CloseHandle
ExpandEnvironmentStringsW
LeaveCriticalSection
CreateFileMappingA
DeleteCriticalSection
CreateProcessW
LocalFree
FormatMessageW
LoadLibraryExW
WriteFile
GetStdHandle
GetEnvironmentVariableA
LoadLibraryW
CreateDirectoryW
MoveFileW
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedIncrement
lstrcpynW
VirtualAlloc
VirtualFree
OutputDebugStringW
FindResourceExA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
CreateFileMappingW
GetFileAttributesA
GetUserDefaultUILanguage
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessA
LoadLibraryA
OpenProcess
HeapSize
HeapReAlloc
HeapDestroy
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultLCID
GetSystemDefaultLCID
InterlockedDecrement
EnterCriticalSection
DuplicateHandle
CreateMutexA
CreateEventA
GetSystemTime
AddAtomW
DeleteAtom
FindAtomW
GetModuleHandleW
CopyFileW
GetFileAttributesExW
InitializeCriticalSection
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
GetProcAddress
GetModuleHandleA
GetVersionExA
RaiseException
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
HeapAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
lstrlenA
GetModuleFileNameW
SetUnhandledExceptionFilter
InterlockedExchange
GetModuleFileNameA
SystemTimeToFileTime
GetLastError

gdi32

DeleteObject

msvcr80

memcpy
_wmakepath_s
_set_purecall_handler
_wtoi
wcspbrk
_wfullpath
memmove
wcschr
wcscat_s
_vsnwprintf_s
memset
memmove_s
calloc
_strlwr_s
_ultow_s
isprint
strrchr
_vswprintf_c_l
swprintf_s
_wtol
_mbscmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcstok_s
wcscspn
_swab
_wsplitpath_s
wcsncat_s
wcscpy_s
??_V@YAXPAX@Z
_resetstkoflw
_recalloc
strncpy_s
sprintf_s
wcsstr
free
memcpy_s
fprintf
_wcsnicmp
_snwprintf_s
wcsncpy_s
_wcsicmp
fclose
fgets
fopen_s
strcpy_s
_stricmp
??3@YAXPAX@Z
_callnewh
malloc
_vsnprintf_s

user32

GetSystemMetrics
LoadStringW
LoadBitmapA
CharNextA
UnregisterClassA
CharNextW
MessageBoxW
SetForegroundWindow
LoadIconA
LoadImageA

advapi32

RegDeleteKeyW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegDeleteValueW
CryptDestroyHash
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptVerifySignatureA

shell32

SHFileOperationW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
OleInitialize
CoTaskMemFree
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoDisconnectObject
StringFromCLSID
CoInitializeSecurity
IIDFromString
OleUninitialize

oleaut32

VarBstrCat
GetErrorInfo
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
GetActiveObject

shlwapi

SHDeleteKeyW
SHCopyKeyW
PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
PathRemoveFileSpecW
PathRemoveBlanksW
PathUnquoteSpacesW
PathIsRelativeW

mscoree

LockClrVersion
CorBindToRuntimeEx

custsat

ord4
ord5

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 676KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8d1b0417fa095d60f301dfa6b154dd3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

msvcr80

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mscoree

custsat

Sections

.text Size: 93KB - Virtual size: 93KB

.data Size: 2KB - Virtual size: 11KB

.rsrc Size: 676KB - Virtual size: 680KB

.text
Size: 93KB - Virtual size: 93KB

.data
Size: 2KB - Virtual size: 11KB

.rsrc
Size: 676KB - Virtual size: 680KB