E:\BUILD\CM_XPM_WK\master\wibu\xpm\dev\Internal\IxpTest\obj\Release\winX64V12D\Oope\IxpTest64Oope.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 542e7bd39b5b725d95f4f06f5a9d1a10_NeikiAnalytics.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 542e7bd39b5b725d95f4f06f5a9d1a10_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
General
Target: 542e7bd39b5b725d95f4f06f5a9d1a10_NeikiAnalytics.exe
Size: 2.3MB
MD5: 542e7bd39b5b725d95f4f06f5a9d1a10
SHA1: 92e50798f0dff40d60102f76a2f8929431916fe3
SHA256: af8ef729c9b7af64b4ac056a579288eb1a67a703ba0aef829a204358c3daf0d3
SHA512: 0ccf4a8dc166aca1b946d429ed9523a16da83424362d99684cc98e715ccd84f7e6810de5c830b9c374b38758515c49fc6090d1aaf82d2ccf3e175476c5c94db1
SSDEEP: 24576:bplRlKNT/o+JA/e7FH1gWcQzFBiJ8hY8RoHX1gbc8J413a+updoQZnDx:b5lKNTvA4FH1NFBici3WgySNcDx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 542e7bd39b5b725d95f4f06f5a9d1a10_NeikiAnalytics.exe
Files
542e7bd39b5b725d95f4f06f5a9d1a10_NeikiAnalytics.exe.dll windows:5 windows x64 arch:x64
f813c62eb328533ea996d60b8c6f057c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
ReadConsoleW
CreateFileW
WriteConsoleW
SetStdHandle
TlsFree
GetCurrentThread
OutputDebugStringW
SetFilePointerEx
HeapReAlloc
TerminateProcess
GetProcessHeap
HeapFree
HeapAlloc
SetConsoleCtrlHandler
OpenEventA
SetEvent
GetTickCount
GetACP
SystemTimeToFileTime
GetTempPathA
GetLocalTime
GetDiskFreeSpaceA
GetUserDefaultUILanguage
SetPriorityClass
SetThreadPriority
RtlAddFunctionTable
IsBadReadPtr
VirtualQuery
GetConsoleCP
GetModuleFileNameW
GetComputerNameA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
SetLastError
GetCurrentDirectoryA
GetOEMCP
GetVersionExA
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetVersion
GetCurrentProcessId
GetExitCodeThread
GetCurrentThreadId
GetCurrentProcess
GetModuleFileNameA
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
GetCPInfo
GetModuleHandleExW
GetStartupInfoW
GetFileType
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
GetStringTypeW
DecodePointer
EncodePointer
UnlockFile
LockFile
IsBadStringPtrW
IsBadStringPtrA
DeviceIoControl
VirtualProtect
FlushInstructionCache
GetDriveTypeA
OpenSemaphoreA
CreateSemaphoreA
ReleaseSemaphore
GetSystemTimeAsFileTime
IsBadWritePtr
WaitForMultipleObjects
DuplicateHandle
CreateEventA
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
LocalFree
LocalAlloc
TlsSetValue
SetEnvironmentVariableA
TlsGetValue
TlsAlloc
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
LoadLibraryA
AreFileApisANSI
CloseHandle
GetLastError
WaitForSingleObject
GetExitCodeProcess
OpenProcess
FreeLibrary
GetProcAddress
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetStdHandle
GetConsoleMode
Sleep
VerSetConditionMask
GetProfileStringA
VerifyVersionInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
CreateFileA
DeleteFileA
SetFileTime
FlushFileBuffers
GetFileSizeEx
GetFileTime
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
QueryPerformanceCounter
user32
DrawMenuBar
CharLowerBuffA
CharUpperBuffA
GetSystemMenu
MessageBoxA
AppendMenuA
LoadStringA
CallMsgFilterA
PeekMessageA
DispatchMessageA
TranslateMessage
wsprintfA
advapi32
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
StartServiceA
shell32
ShellExecuteExA
wsock32
__WSAFDIsSet
gethostbyaddr
inet_addr
htons
recv
select
send
setsockopt
WSACleanup
WSAStartup
accept
shutdown
socket
WSAGetLastError
getpeername
bind
ioctlsocket
recvfrom
sendto
gethostbyname
closesocket
connect
inet_ntoa
gethostname
getsockopt
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ws2_32
freeaddrinfo
getaddrinfo
Exports
IxpExecuteTest
IxpExecuteTestEx
IxpShowAdress
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 67KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE