f46bf252b88220970943edab73833ad0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f46bf252b88220970943edab73833ad0_NeikiAnalytics.exe
Size

2.5MB
MD5

f46bf252b88220970943edab73833ad0
SHA1

da577e844b24bca0fbd9b18922e29a066d0928a3
SHA256

5540c549d6f99328f1bd052d454678fc6bbe57062dd380d12e7b0ce5ef40406d
SHA512

08eb40c95d27552984b53d195def7ac29a369ea0205391bef49a46b75cbc667616fab2bdb59d453c1c86f7152e3416bd0c2d4e713a710e60f3df5be31c8ebbb3
SSDEEP

49152:hJyvGeF6Nqiw65fM3UML3mThwSdQs0xc1AQkqwzSNySQyTbF9dCBA:hYqs6Ik

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f46bf252b88220970943edab73833ad0_NeikiAnalytics.exe

Files

f46bf252b88220970943edab73833ad0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

26be3be66c5b124beaa6a9a749d0d321

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

tcl85

Tcl_FSGetNormalizedPath
Tcl_SetStringObj
Tcl_ListObjIndex
Tcl_FSSplitPath
Tcl_FSGetPathType
Tcl_FSJoinToPath
Tcl_FSJoinPath
Tcl_UtfFindFirst
Tcl_FSAccess
Tcl_AllocStatBuf
Tcl_FSStat
Tcl_GetString
Tcl_SetVar
Tcl_CreateObjCommand
Tcl_Preserve
Tcl_DStringInit
Tcl_DStringGetResult
Tcl_ResetResult
Tcl_EvalEx
Tcl_GetObjResult
Tcl_DStringResult
Tcl_DStringFree
Tcl_Release
Tcl_WrongNumArgs
Tcl_ListObjGetElements
Tcl_GetIntFromObj
Tcl_DuplicateObj
Tcl_GetStringFromObj
Tcl_CreateInterp
Tcl_Eval
Tcl_GetStringResult
Tcl_SetVar2
Tcl_InitSubsystems
Tcl_PutEnv
Tcl_NewObj
Tcl_NewStringObj
Tcl_ListObjAppendElement
TclSetLibraryPath
TclFreeObj
Tcl_GetNameOfExecutable
Tcl_FindExecutable

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetUserNameA
ReportEventA
RegisterEventSourceA
DeregisterEventSource

msvcr90

strerror
atoi
strtok_s
strtok
getenv
fgets
fseek
strstr
_environ
memset
calloc
_fstat64i32
_stat64i32
strrchr
fwrite
ferror
fread
feof
_ftime64
isspace
srand
sscanf
_strtoi64
_putenv
strtol
strncpy
strtoul
strtod
strcmp
_localtime64
_getmaxstdio
perror
_lseeki64
_commit
getc
ungetc
rewind
strftime
rename
_get_osfhandle
fsetpos
fgetpos
toupper
_lseek
floor
wcsstr
_exit
raise
_time64
qsort
_setmode
_fileno
ftell
_wfopen
_strnicmp
isxdigit
_stricmp
_gmtime64
signal
_getch
memchr
vsprintf
_localtime64_s
_amsg_exit
__getmainargs
_cexit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
_errno
strncmp
isdigit
fopen
fflush
fclose
strchr
fgetc
_vsnprintf
_vscprintf
memcpy
memmove
fscanf
free
printf
strncat
fprintf
exit
fputs
__iob_func
vfprintf
realloc
sprintf
malloc
isalpha
isalnum
bsearch
tolower
isupper
_access
_chdir
_getcwd
_strdup
_unlink
_close
_chmod
_umask
_mkdir
_getpid
_read
_write
_open
_tempnam
rand
rand_s

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
LockFileEx
CreateFileW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
FormatMessageW
GetTempPathW
GetSystemTimeAsFileTime
GetFileAttributesW
LockFile
UnlockFile
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
Sleep
AreFileApisANSI
WideCharToMultiByte
GetFileAttributesA
FlushConsoleInputBuffer
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetFileType
SetFilePointer
SetEndOfFile
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CreateProcessA
GetStdHandle
GetWindowsDirectoryA
GlobalMemoryStatus
GetCurrentThreadId
GetModuleHandleA
DeleteFileW
MultiByteToWideChar
VirtualFree
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
VirtualAlloc
CreateFileA
GetSystemTime
SystemTimeToFileTime
SetFileTime
CloseHandle
GetVolumePathNameA
GetVolumeInformationA
RemoveDirectoryA
GetComputerNameA
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
GetSystemInfo
GetModuleFileNameA
GetVersionExA
MoveFileExA
DeleteFileA
MoveFileA
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
GetVersion

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26be3be66c5b124beaa6a9a749d0d321

Headers

DLL Characteristics

File Characteristics

Imports

tcl85

user32

advapi32

msvcr90

kernel32

Sections

.text Size: 954KB - Virtual size: 954KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 954KB - Virtual size: 954KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 1024B - Virtual size: 688B