1ecdba216050917c00ea2a2c5e94d7e0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1ecdba216050917c00ea2a2c5e94d7e0_NeikiAnalytics.exe
Size

28KB
MD5

1ecdba216050917c00ea2a2c5e94d7e0
SHA1

fc1281f1b83568557fc055e1176eb0ea1f58eb56
SHA256

d289091ed108163f9fb9d83937a13bfd3cbb75ea9b7d0c09e5fd71dd59d32b42
SHA512

5bf4862b207eb8fb53ce089a031f2fb0433fb0af50af3872698fd8a56c72cc17ac37eea7be5bcbaaa7e6ed31b02468a8fd50205225fe0a5b216da0544df2cabc
SSDEEP

768:loBBToQ+p2R07DjxUiEMglr/qJMGisNycqn:SfMQ+AqDjxUiEMglr/q5ucqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecdba216050917c00ea2a2c5e94d7e0_NeikiAnalytics.exe

Files

1ecdba216050917c00ea2a2c5e94d7e0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

8394d6846f91f85aa7d246629237f0c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build24\httpd-2.4.53-x64\Release\httpd.pdb

Imports

libapr-1

apr_array_make
apr_filepath_name_get
apr_getopt
apr_pstrdup
apr_pool_cleanup_null
apr_pool_pre_cleanup_register
apr_pool_cleanup_register
apr_pool_tag
apr_getopt_init
apr_pool_abort_set
apr_array_push
apr_palloc
apr_pool_destroy
apr_pool_clear
apr_pool_create_ex
apr_ctime
apr_sleep
apr_time_now
apr_terminate
apr_version_string
apr_pool_parent_get
apr_app_initialize

libaprutil-1

apu_version_string
apr_hook_deregister_all
apr_dynamic_fn_retrieve
apr_hook_sort_all

libhttpd

ap_server_pre_read_config
ap_config_generation
ap_run_mode
ap_main_state
ap_pglobal
ap_server_conf
ap_server_root
ap_server_argv0
ap_real_exit_code
ap_mpm_query
ap_run_mpm
ap_fini_vhost_config
ap_clear_auth_internal
ap_init_rng
ap_log_error_
ap_replace_stderr_log
ap_open_stderr_log
ap_pool_cleanup_set_null
ap_run_optional_fn_retrieve
ap_server_config_defines
ap_run_post_config
ap_run_test_config
ap_run_check_config
ap_run_pre_config
ap_process_config_tree
ap_fixup_virtual_hosts
ap_register_hooks
ap_run_rewrite_args
ap_read_config
ap_show_mpm
ap_show_modules
ap_show_directives
ap_setup_prelinked_modules
ap_parse_log_level
ap_thread_main_create
ap_abort_on_oom
ap_get_server_built
ap_get_server_description
ap_pcre_version_string
ap_server_post_read_config
ap_document_root_check
ap_conftree
ap_default_loglevel
ap_prelinked_modules
ap_run_open_logs

vcruntime140

memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
__p___argc
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
exit
_configure_narrow_argv
_set_app_type
_cexit
__p___argv
_initialize_onexit_table
_register_onexit_function
terminate
_crt_atexit
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_setmode
_read
__p__commode
__acrt_iob_func
clearerr
fclose
feof
ferror
fflush
_write
_set_fmode
_fileno
fopen
fread
fseek
ftell
fwrite
__stdio_common_vfprintf
_close
fgets
_open
_lseek

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8394d6846f91f85aa7d246629237f0c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libapr-1

libaprutil-1

libhttpd

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 504B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 504B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 40B