2cc6b1b9c4f40495d8ec7384fb071200_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2cc6b1b9c4f40495d8ec7384fb071200_NeikiAnalytics.exe
Size

1.3MB
MD5

2cc6b1b9c4f40495d8ec7384fb071200
SHA1

f6a795b47e9c783f8f54a26aa421610c065ba11b
SHA256

56214996e9498eaee6a9d707fb17456ed90e78e98d9a378f1554e383a5eeb773
SHA512

eac920658c938d663cc5e14d99fe88921cb56767483f1b934df0108372bb0db49cebb80d30deca106151a371ad935d47f25292386f8a8f95cf97bebf2c910d27
SSDEEP

24576:RNYE5s4rswkRdEE+VCn3d6nLmHJsv6tWKFdu9C8Lnl:RNYms4rswkRSfsn9Jsv6tWKFdu9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cc6b1b9c4f40495d8ec7384fb071200_NeikiAnalytics.exe

Files

2cc6b1b9c4f40495d8ec7384fb071200_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

3e92ec1087de621b85783e0a2e325250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetShareEnum

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
RemoveDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindNextFileW
FindFirstFileExW
GetModuleFileNameW
GetCommandLineW
GetCurrentProcessId
LocalFree
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CreateFileW
GetFileAttributesExW
GetLastError
FormatMessageW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetProcAddress
SetFileTime
CloseHandle
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
strchr
memchr
memcmp
memcpy
memmove
memset
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

_close
__acrt_iob_func
_get_osfhandle
fwrite
fseek
fread
fgets
_fileno
fputc
_open_osfhandle
fputs
_wfopen_s
fclose
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
ftell
fflush
_lseek
_read
__p__commode
_write
feof

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
_dclass
floor
floorf

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
__p___argc
__p___argv
_register_thread_local_exe_atexit_callback
_register_onexit_function
_c_exit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_exit
strerror
_seh_filter_exe
_set_app_type
exit
_get_initial_narrow_environment
_initterm
_initterm_e
_errno
_cexit

api-ms-win-crt-environment-l1-1-0

getenv_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
_get_tzname
_get_timezone
_mktime64
_tzset

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_create_locale
_free_locale

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wchmod

Sections

.text
Size: 590KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e92ec1087de621b85783e0a2e325250

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

netapi32

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 590KB - Virtual size: 590KB

.rdata Size: 656KB - Virtual size: 655KB

.data Size: 9KB - Virtual size: 10KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 590KB - Virtual size: 590KB

.rdata
Size: 656KB - Virtual size: 655KB

.data
Size: 9KB - Virtual size: 10KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB