20d07a680b123cc972daf865130660e0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

20d07a680b123cc972daf865130660e0_NeikiAnalytics.exe
Size

613KB
MD5

20d07a680b123cc972daf865130660e0
SHA1

0f29da090d6eedab058d87df28628fec75aa73af
SHA256

05c510089348d56c05a00e31f4c672859fc98b0cdee10b595ba7740054094a8b
SHA512

805be450b74301319e7a1906cad2c3d09f611c41b7be77970a67930ce08fd397223e85f292d69f97d22fc68698cc8a976b5ef5fa09a9252087dc5aa884111d3f
SSDEEP

12288:B0mDMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:B0mgSkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20d07a680b123cc972daf865130660e0_NeikiAnalytics.exe

Files

20d07a680b123cc972daf865130660e0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

c247e922067f6179f9938eab10534e06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\\binaries\x86ret\bin\i386\pgosweep.pdb

Imports

advapi32

OpenProcessToken

kernel32

GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
WaitForSingleObject
OpenEventW
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
Sleep
GetLastError
SetEvent
WaitForSingleObjectEx
PulseEvent
ResetEvent
OpenMutexW
MapViewOfFileEx
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
FormatMessageW
LocalFree
SystemTimeToFileTime
GetSystemTime
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
WriteFile
GetFileType
GetUserDefaultUILanguage
LoadResource
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileW
FindClose
SetLastError
GetEnvironmentVariableW
TerminateProcess

vcruntime140

__current_exception
__current_exception_context
wcsstr
__CxxFrameHandler3
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
wcschr

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_crt_atexit
__p___argc
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_errno
_set_app_type
_seh_filter_exe
terminate
_configure_wide_argv
_controlfp_s
_initialize_onexit_table
__p___wargv
exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
fwrite
_fileno
fseek
fclose
_get_osfhandle
fflush
_wfsopen
putchar
__p__commode
fputs
__acrt_iob_func
fread
_set_fmode
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_wremove
_wfullpath

api-ms-win-crt-string-l1-1-0

wcscpy_s
_wcsicmp
wcscat_s
wcsncpy_s
_strupr_s
wcsncat_s
_wcsdup
wcstok_s

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

ole32

CoCreateGuid

ntdll

RtlInitUnicodeString
NtOpenEvent
NtOpenMutant
NtOpenSection

api-ms-win-crt-convert-l1-1-0

_itow_s
_wtoi
wcstol
wcstoul

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-conio-l1-1-0

_cputws

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c247e922067f6179f9938eab10534e06

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

psapi

ole32

ntdll

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 134KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 134KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 568KB - Virtual size: 572KB