147ebee48fa59a6fcf69419af35f5780_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

147ebee48fa59a6fcf69419af35f5780_NeikiAnalytics.exe
Size

813KB
MD5

147ebee48fa59a6fcf69419af35f5780
SHA1

47ba50d196c0cf071f849a161a26b53f96d46c14
SHA256

df688523b4b0b227c847df21336c88e5c7cfe7cb442005edd4fad4d1ec3ac7a6
SHA512

f45bbda083b07e137c52493998f8834f3ac7b57d2ec7caded8b848b83eac65701a2fafc80b843f1e7bba2511fb1baa07317261c7847f3a06dcc0ca5483ad43fe
SSDEEP

24576:gbTLIUGvBqLdUG2DRLoJ2UOj87ldDOPk6C3G:gnL85qJUG8NUO4dpm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
147ebee48fa59a6fcf69419af35f5780_NeikiAnalytics.exe

Files

147ebee48fa59a6fcf69419af35f5780_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

7712a151cebbd2219ef524f7a0534c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CloseHandle
GetNativeSystemInfo
OutputDebugStringA
OpenFileMappingW
OutputDebugStringW
GetModuleFileNameW
GetTempPathW
lstrcatW
LoadLibraryW
GetProcAddress
ExitProcess
GetTickCount
lstrcmpA
GetVersionExW
GetSystemInfo
TerminateProcess
Sleep
CreateThread
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
ReadFile
VirtualFree
CreateFileW
GetModuleHandleW
SizeofResource
InterlockedExchange
LockResource
FindResourceExW
LoadResource
FindResourceW
VirtualQuery
ContinueDebugEvent
DebugActiveProcess
DebugSetProcessKillOnExit
DisableThreadLibraryCalls
GetCurrentThread
GetCurrentProcessId
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
GetCurrentProcess
VirtualAlloc
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
GetLastError
InitializeCriticalSection
LeaveCriticalSection
lstrlenW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetACP
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
DeleteFileW
RtlUnwind
EnterCriticalSection
WaitForDebugEvent
InterlockedFlushSList
LoadLibraryExW
FreeLibrary
GetThreadTimes
GetStringTypeW
GetCurrentThreadId
WaitForSingleObjectEx
EncodePointer
QueryPerformanceCounter
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

GetDC
ReleaseDC
GetSystemMetrics

gdi32

CreateCompatibleDC
BitBlt
SelectObject
CreateDIBSection
DeleteDC
GetDeviceCaps
GetObjectW
DeleteObject

ole32

CoUninitialize
CoCreateGuid
CoInitialize

ws2_32

socket
htons
recv
connect
send
WSAStartup
setsockopt
WSACleanup
closesocket
gethostbyname
WSAGetLastError

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders

shlwapi

SHGetValueA
PathFindExtensionW
SHSetValueA

gdiplus

GdiplusShutdown
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdiplusStartup
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP

advapi32

OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

ActiveDebuging
GetVer

Sections

.text
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 810KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7712a151cebbd2219ef524f7a0534c8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

ws2_32

winhttp

shlwapi

gdiplus

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 212KB

.rdata Size: - Virtual size: 79KB

.data Size: - Virtual size: 10KB

.gfids Size: - Virtual size: 848B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: - Virtual size: 604KB

.vmp1 Size: 810KB - Virtual size: 809KB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 1KB - Virtual size: 128KB

.text
Size: - Virtual size: 212KB

.rdata
Size: - Virtual size: 79KB

.data
Size: - Virtual size: 10KB

.gfids
Size: - Virtual size: 848B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: - Virtual size: 604KB

.vmp1
Size: 810KB - Virtual size: 809KB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 1KB - Virtual size: 128KB