e8fdc6990554e81eab4a5d4300604c50_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e8fdc6990554e81eab4a5d4300604c50_NeikiAnalytics.exe
Size

70KB
MD5

e8fdc6990554e81eab4a5d4300604c50
SHA1

43a37cf0f32472923095e283e287327b84a5ddf9
SHA256

d2c4d5e99042b1611931018986fade4449bd9f717f56c0595962abf5fcd02203
SHA512

6ccc46bf4be34be7a1c13b6f08874f1c73b92bf32106d46b6593fc9509f9b3a01ceded3477fe42dd67eb9645944ba4bad253cab6de421da1c4e74ac68797c5ce
SSDEEP

1536:RxxwijmP2hp0Jdjil+g0luO3/nyZA2gYQMLMGnr7ZZe4sQr7AbKthaHv:WgVhpIdjY+gCuAqZR86nZZzsLi6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8fdc6990554e81eab4a5d4300604c50_NeikiAnalytics.exe

Files

e8fdc6990554e81eab4a5d4300604c50_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

12d66cd90680a9232ad1abe81c38f4e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MUIUnattend.pdb

Imports

msvcrt

_unlock
memcmp
_except_handler4_common
_initterm
__setusermatherr
_controlfp
__p__fmode
_cexit
_exit
exit
memmove
__dllonexit
_wcsnicmp
wcsncmp
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove_s
wcschr
_purecall
??3@YAXPAX@Z
_onexit
?terminate@@YAXXZ
memcpy
_wcsicmp
memcpy_s
_vsnprintf
wcsrchr
wprintf
_vsnwprintf
_lock
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueExW
RegLoadKeyW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW
LocaleNameToLCID
GetLocaleInfoEx
SetUserGeoID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId

sspicli

GetUserNameExW

api-ms-win-core-localization-l1-2-2

GetSystemDefaultLocaleName

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
PrivilegeCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12d66cd90680a9232ad1abe81c38f4e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

sspicli

api-ms-win-core-localization-l1-2-2

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-private-l1-1-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-registry-l2-1-0

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB