325694ce35fb035fd7ddbcd613188ef0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

325694ce35fb035fd7ddbcd613188ef0_NeikiAnalytics.exe
Size

282KB
MD5

325694ce35fb035fd7ddbcd613188ef0
SHA1

eb5831f3ed9d05fafa42626e7c2d45a4a39762ef
SHA256

79ac3952f0969039c90116f6cc0210ddd26363dccf44730307f51f2375a97be4
SHA512

6a3532bf8f5b83ef216a2c0327aef1e5b889db06ed0728525eeac11ece3f9a9f8ca1a83eff40c911486f692421e0b97e84d61645cc21b5b7039ded9d04660043
SSDEEP

6144:7jutjCgWPvPLzlrYILG2i07fk8BYrT3vFs4Qk3YVXUA+r4Hn:vutjCgafVYII0Dk8qrjG4R3YVXUA+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
325694ce35fb035fd7ddbcd613188ef0_NeikiAnalytics.exe

Files

325694ce35fb035fd7ddbcd613188ef0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

80d6d18eb6f68dbe1917c0e2a1581096

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ciril

PARInit
EDIPrintf
EDIEtiquette
MEMStrDup
PARObligatoire
EDIGetVersion
PARFiltre
PARPresent
PARGet
PARSprintf
EDIOpen
PARScan
DATFormate
PARIndice
DATDecompose
DATDate
EDIClose
DATJour
MEMMalloc
MEMRealloc
debug
like
MEMFree

base

SQLGetNbBinds
SQLGetBindInfo
SQLCompleteBind
SQLCount
SQLConnect
SQLCommit
SQLRollback
SQLOpen
SQLFetch
SQLClose
SQLRelease
SQLError
SQLExecute
SQLCode
SQLPrepareBind

kernel32

GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
SetFilePointer
HeapSize
GetLocaleInfoA
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
RaiseException
CreateFileA
CloseHandle

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80d6d18eb6f68dbe1917c0e2a1581096

Headers

DLL Characteristics

File Characteristics

Imports

ciril

base

kernel32

Sections

.text Size: 209KB - Virtual size: 209KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 7KB - Virtual size: 61KB

.text
Size: 209KB - Virtual size: 209KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 7KB - Virtual size: 61KB