0bc916fd368f62e04db287c4f69eaca0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0bc916fd368f62e04db287c4f69eaca0_NeikiAnalytics.exe
Size

1.5MB
MD5

0bc916fd368f62e04db287c4f69eaca0
SHA1

21323d999db042d76f77fbeb27dcb6f888fa76c5
SHA256

b4965afc4fec9c9f804e36893ef503d8a991518671e6a1ce4ee53ce35e04a089
SHA512

14eaf40fd310f09e22287f21cb827b9ae3cc69031a4aad29ff0822dc281a190beaddf885287bebf7add22479db6ebd5312be3204425242c16260b4e2a0386ad6
SSDEEP

24576:Vy9aovq+fONGhsKbghJ7Vs7iHKBcIfL+9MYEhnbhdxKaANp:UcohOE+0iHTIfLeMYa7x0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc916fd368f62e04db287c4f69eaca0_NeikiAnalytics.exe

Files

0bc916fd368f62e04db287c4f69eaca0_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

2e5095ad961a0c2008775e994c9eddac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb

Imports

kernel32

SetLastError
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileW
BackupRead
BackupSeek
SetFileTime
MoveFileA
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetFileTime
GetFileType
CreateFileA
ReadFile
WriteFile
GetDriveTypeA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
GetFullPathNameW
MoveFileW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FindClose
FindNextFileA
FindFirstFileA
GetLastError
FindFirstFileW
GetVersionExA
CreateThread
ExitThread
GetProcessAffinityMask
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
GetModuleFileNameA
SetErrorMode
FreeLibrary
LoadLibraryA
LoadLibraryExA
CompareStringA
SetThreadPriority
GetCurrentThread
SetPriorityClass
SetCurrentDirectoryA
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoA
FormatMessageA
LocalFree
SetConsoleCtrlHandler
Sleep
GetTickCount
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetConsoleMode
SetConsoleMode
FindNextFileW
ReadConsoleA
GetStringTypeW
GetStringTypeA
GetConsoleCP
HeapFree
HeapReAlloc
HeapAlloc
RtlFillMemory
RtlLookupFunctionEntry
RtlUnwindEx
RtlCompareMemory
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
HeapCreate
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
RaiseException
RtlPcToFileHeader
GetACP
GetOEMCP
IsValidCodePage
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetVersion
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId

user32

CharUpperW
CharLowerW
ExitWindowsEx
LoadStringA
CharUpperA
CharToOemA
CharToOemBuffA
OemToCharA
OemToCharBuffA
CharLowerA

advapi32

RegQueryValueExA
RegCloseKey
GetFileSecurityW
GetFileSecurityA
GetSecurityDescriptorLength
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e5095ad961a0c2008775e994c9eddac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 294KB - Virtual size: 294KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 11KB - Virtual size: 77KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 1.1MB - Virtual size: 1.6MB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 11KB - Virtual size: 77KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 1.1MB - Virtual size: 1.6MB