76e8217f1f90d861b39194bec8ba4890_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

76e8217f1f90d861b39194bec8ba4890_NeikiAnalytics.exe
Size

1.4MB
MD5

76e8217f1f90d861b39194bec8ba4890
SHA1

3f0edce1a27c35d5a5c3d69d22687f7a5f5cbf60
SHA256

c24dce1e31401a63dd093c40eff400fe395b2e7c1aa82dc2d21113c3383fd7e4
SHA512

84e721f67bdfada75349c982dc49c7d807c8668197860264b1c938ea50e7edc6e0fadb8e0237cef36825fc350c65254c4aba1fadb4ab72bded407967fd6f6022
SSDEEP

24576:dMFvrDg9G2r/htza3Sy8gyBTHQVZj4Gf6oRz+efyTh8skMCAsqjnhMgeiCl7G0nZ:KFvvGwSyXiwVZjtCxTOM7Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76e8217f1f90d861b39194bec8ba4890_NeikiAnalytics.exe

Files

76e8217f1f90d861b39194bec8ba4890_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

b1d04b1ebe040659866be4feed8055ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetAdaptersInfo

kernel32

GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetFilePointer
Sleep
MoveFileExW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemInfo
GetVersionExW
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileW
FindNextFileW
ResetEvent
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
SetConsoleCtrlHandler
FreeLibrary
GetProcAddress
LoadLibraryW
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
VerifyVersionInfoA
MultiByteToWideChar
FormatMessageW
LocalFree
WideCharToMultiByte
GetSystemDirectoryW
GetTempPathW
GetLongPathNameW
GetCurrentDirectoryW
WriteFile
ReadFile
CreateEventW
SetEvent
GetStartupInfoW
TerminateProcess
GetCurrentProcessId
DuplicateHandle
GetStdHandle
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
OpenProcess
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
SetWaitableTimer
CreateFileW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

ole32

CoImpersonateClient

advapi32

RegOpenKeyExW
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
OpenProcessToken
DeregisterEventSource

ws2_32

WSASocketW
WSASend
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
listen
htons
ioctlsocket
closesocket
bind
WSARecv
setsockopt

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1d04b1ebe040659866be4feed8055ce

Headers

DLL Characteristics

File Characteristics

Imports

userenv

iphlpapi

kernel32

ole32

advapi32

ws2_32

mswsock

Sections

.text Size: 561KB - Virtual size: 561KB

.rdata Size: 259KB - Virtual size: 258KB

.data Size: 26KB - Virtual size: 32KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 259KB - Virtual size: 258KB

.data
Size: 26KB - Virtual size: 32KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 604KB - Virtual size: 608KB