a312200dc34fb5103492c08427936ea0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a312200dc34fb5103492c08427936ea0_NeikiAnalytics.exe
Size

6.8MB
MD5

a312200dc34fb5103492c08427936ea0
SHA1

5ac46eb1e28b25566b6f36a89b87a48674375d0f
SHA256

8ff866671c27835906b30594d372c567c14bd3662b1ea50a192c457bbaabf129
SHA512

b180bb0d4af12b56090ad19a3c8b897de8ee835d6f99f7af9d9be4ac684020db527e1c4daa37349a3178b93ffdaec5a3d108cbb1ee4b51f9dd9193c64bbd2553
SSDEEP

196608:DBt1IrARFmUj5xzJQPq0GMie0jw5jIRuJIu4ESg3U:DBt1IrARFmUj3zJhbesNuJIu403U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a312200dc34fb5103492c08427936ea0_NeikiAnalytics.exe

Files

a312200dc34fb5103492c08427936ea0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

0936b5121d1e06498ed635852ed8dcc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

cygbz2-1

BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit

cygcrypt-2

crypt

cygcrypto-1.1

AES_cbc_encrypt
AES_cfb128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
BF_cbc_encrypt
BF_cfb64_encrypt
BF_ecb_encrypt
BF_set_key
BN_CTX_free
BN_CTX_new
BN_bin2bn
BN_bn2bin
BN_bn2hex
BN_cmp
BN_div
BN_free
BN_hex2bn
BN_mod_exp
BN_mul
BN_new
CAST_cfb64_encrypt
CAST_ecb_encrypt
CAST_set_key
CMAC_CTX_free
CMAC_CTX_new
CMAC_Final
CMAC_Init
CMAC_Update
CRYPTO_free
Camellia_cfb128_encrypt
Camellia_set_key
DES_cbc_cksum
DES_cbc_encrypt
DES_crypt
DES_ecb_encrypt
DES_ede3_cbc_encrypt
DES_ede3_cfb64_encrypt
DES_encrypt1
DES_key_sched
DES_ncbc_encrypt
DES_pcbc_encrypt
DES_set_key
DES_set_key_unchecked
DES_set_odd_parity
DES_string_to_key
DSA_free
DSA_get0_key
DSA_get0_pqg
DSA_new
DSA_set0_key
DSA_set0_pqg
EVP_aes_128_cbc
MD4_Final
MD4_Init
MD4_Update
MD5_Final
MD5_Init
MD5_Update
RC2_cbc_encrypt
RC2_set_key
RIPEMD160_Final
RIPEMD160_Init
RIPEMD160_Update
SHA1
SHA1_Final
SHA1_Init
SHA1_Update
SHA224_Final
SHA224_Init
SHA224_Update
SHA256_Final
SHA256_Init
SHA256_Update
SHA384_Final
SHA384_Init
SHA384_Update
SHA512_Final
SHA512_Init
SHA512_Update
WHIRLPOOL_Final
WHIRLPOOL_Init
WHIRLPOOL_Update

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
_dll_crt0@0
_exit
_fcntl64
_fdopen64
_fgetpos64
_fopen64
_freopen64
_fseeko64
_fsetpos64
_fstat64
_ftello64
_ftruncate64
_get_osfhandle
_impure_ptr
_lseek64
_mmap64
_open64
_stat64
abort
asctime
atoi
atol
atoll
calloc
chmod
clock
close
closedir
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
dlopen
dlsym
execv
exit
fclose
fcntl
fdopen
fflush
fgetc
fgetpos
fgets
fileno
fopen
fork
fprintf
fputc
fputs
fread
free
freopen
fscanf
fseek
fseeko
fsetpos
fstat
fsync
ftell
ftello
ftruncate
fwrite
getc
getchar
getenv
getopt
getpid
getppid
gettimeofday
gmtime
isatty
kill
localtime
log
lseek
malloc
memchr
memcmp
memcpy
memmem
memmove
memset
mmap
munmap
nice
open
opendir
optarg
optind
perror
posix_memalign
pow
printf
putchar
puts
qsort
raise
rand
read
readdir
realloc
rewind
sched_yield
setenv
setlocale
setvbuf
sigaction
signal
sleep
snprintf
sprintf
srand
sscanf
stat
stpcpy
strcasecmp
strcasestr
strcat
strchr
strcmp
strcpy
strcspn
strdup
strerror
strftime
strlen
strlwr
strncasecmp
strncat
strncmp
strncpy
strnlen
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
strupr
sysconf
tcgetattr
tcgetpgrp
tcsetattr
time
times
tolower
toupper
umask
ungetc
unlink
vfprintf
vsnprintf
vsprintf
wait
write

cyggmp-10

__gmp_version
__gmpf_clear
__gmpf_div
__gmpf_get_d
__gmpf_init
__gmpf_init_set_ui
__gmpf_mul_ui
__gmpf_set_z
__gmpz_add
__gmpz_add_ui
__gmpz_clear
__gmpz_cmp
__gmpz_fdiv_q_2exp
__gmpz_fdiv_q_ui
__gmpz_fdiv_r_2exp
__gmpz_fdiv_ui
__gmpz_get_str
__gmpz_init
__gmpz_init_set
__gmpz_init_set_si
__gmpz_init_set_str
__gmpz_init_set_ui
__gmpz_mul_2exp
__gmpz_mul_ui
__gmpz_powm
__gmpz_set
__gmpz_set_si
__gmpz_set_str
__gmpz_set_ui
__gmpz_sub

cygopencl-1

clBuildProgram
clCreateBuffer
clCreateCommandQueue
clCreateContext
clCreateKernel
clCreateProgramWithBinary
clCreateProgramWithSource
clEnqueueMapBuffer
clEnqueueNDRangeKernel
clEnqueueReadBuffer
clEnqueueUnmapMemObject
clEnqueueWriteBuffer
clFinish
clFlush
clGetDeviceIDs
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetKernelInfo
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clReleaseCommandQueue
clReleaseContext
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clSetKernelArg
clWaitForEvents

cygz

inflate
inflateEnd
inflateInit2_
inflateInit_

cyggcc_s-1

__divdi3
__divmoddi4
__moddi3
__udivdi3
__udivmoddi4
__umoddi3

kernel32

CloseHandle
CreateMutexA
FreeLibrary
GetFileSizeEx
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
MapViewOfFile
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
SetConsoleCtrlHandler
Sleep
UnmapViewOfFile
WaitForSingleObject

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0936b5121d1e06498ed635852ed8dcc2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygbz2-1

cygcrypt-2

cygcrypto-1.1

cygwin1

cyggmp-10

cygopencl-1

cygz

cyggcc_s-1

kernel32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.data Size: 360KB - Virtual size: 356KB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.buildid Size: 512B - Virtual size: 53B

/4 Size: 380KB - Virtual size: 380KB

.bss Size: - Virtual size: 19.4MB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 360KB - Virtual size: 356KB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.buildid
Size: 512B - Virtual size: 53B

/4
Size: 380KB - Virtual size: 380KB

.bss
Size: - Virtual size: 19.4MB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB