09b1f1604a68d87ace62e48b2ad051b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

09b1f1604a68d87ace62e48b2ad051b0_NeikiAnalytics.exe
Size

96KB
MD5

09b1f1604a68d87ace62e48b2ad051b0
SHA1

7a723c12ce8d86796f01f9f8471f8c16110a7b90
SHA256

c79255a08ea612ca6458ac7c098d5b4eeef2c87da9a7434571a87c675d3b088d
SHA512

49023c6eedaa031ae47664f9066687e45f08bf0bddaaedf14c88fd97f11b665ee81ebff229e7906edc9c9e8cf98344d4de8893f5719736ff95bfbc9855140b7d
SSDEEP

1536:Y/GYZqyYIBuP7C+oq8pAUPzrrsvn5Mv4mZ8c5eJH2nln4hdBaeCX30nDoQvA4Te/:tLXB+AoHq+v5V5uLBdnDoQA4Te2Tnv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09b1f1604a68d87ace62e48b2ad051b0_NeikiAnalytics.exe

Files

09b1f1604a68d87ace62e48b2ad051b0_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

84cb8cc5f5a695f0488989eb3682aa38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ResetEvent
GetLastError
InitializeCriticalSection
CreateThread
WaitForMultipleObjects
DeleteCriticalSection
SetEvent
EnterCriticalSection
Sleep
CreateEventA
CloseHandle
LeaveCriticalSection
TerminateThread
DeviceIoControl
GetExitCodeThread

appnmem

nba_get_spin_lock_timed
nba_get_spin_lock
nba_release_spin_lock
nba_mm_free
nba_mm_alloc

appnkrnl

nbm_destroy_buf_pool
nbm_get_buffer
nba_set_timer
nba_add_to_q_tail
nba_set_priority
nba_local_to_ebcdic
nbm_create_buf_pool
nba_destroy_handle
nba_create_handle
nba_cancel_ftimer
nba_cancel_timer
nba_set_ftimer
nba_get_date_time
dpdfile
dpdtype
nba_register_dump
nba_abend
nba_validate_handle
work_sem
nba_set_dlc_procs
nba_enable_queues
nba_open_queues
nba_set_receive
nba_set_destroy
nba_append_dump_data
dclocal
nba_attach_local_data
nba_pd_print
dpdline
nbm_create_external_pool
nbm_request_post
nbm_free_buffer
nba_send_ips
nba_create
nba_get_q_head
nba_add_to_safe_send_q
nbm_pkt_transfer
nba_append_dump_info
nbm_adjust_buf_pool

haystapi

ord5
ord4
ord14
ord10
ord9
ord8
ord6

msvcrt

rand

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84cb8cc5f5a695f0488989eb3682aa38

Headers

File Characteristics

Imports

kernel32

appnmem

appnkrnl

haystapi

msvcrt

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 17KB - Virtual size: 18KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 17KB - Virtual size: 18KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB