1f81a622106a45e53ad0e102a04d4910_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1f81a622106a45e53ad0e102a04d4910_NeikiAnalytics.exe
Size

179KB
MD5

1f81a622106a45e53ad0e102a04d4910
SHA1

66a4e611b1d4a9e9b76f400a4640e3211617b139
SHA256

4a80e87a4e230f14efaf671608ccb21b11bdded604f7de28ab605f06434dfc97
SHA512

240a9c9b5f98be66897802a87dc9ea08af643415039d6795d7cee1db10502ea3e4c4a0548da7cc38ca14f1350f15992c6d50e62e0cb2039de96a77dd9eb3da34
SSDEEP

3072:6lFlQLmHQUN7aFNGLYpy32AnpBvVGKM6ltGxsQTix6UUQlPHKg:6l469gFMLY0GAnphMIUgUQlP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f81a622106a45e53ad0e102a04d4910_NeikiAnalytics.exe

Files

1f81a622106a45e53ad0e102a04d4910_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

161cebe1ac9332efad804465c5e520e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
__WSAFDIsSet
bind
WSAIoctl
closesocket
getsockopt
socket
ntohs
recvfrom
htons
sendto
setsockopt
inet_ntoa
WSAPoll
WSARecv
connect
getprotobyname
getaddrinfo
WSASend
freeaddrinfo
WSAGetLastError
select

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

msvcp140_app

?_Xbad_function_call@std@@YAXXZ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Xtime_get_ticks
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z

vcruntime140_1_app

__CxxFrameHandler4

vcruntime140_app

memcpy
memcmp
__std_type_info_destroy_list
_CxxThrowException
memmove
__C_specific_handler
strchr
__std_terminate
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

tolower
islower
_strdup
strncpy
toupper

api-ms-win-crt-stdio-l1-1-0

fgets
__stdio_common_vsprintf_s
__stdio_common_vsprintf
feof
fclose
fopen

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
terminate
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
strerror
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

161cebe1ac9332efad804465c5e520e6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

msvcp140_app

vcruntime140_1_app

vcruntime140_app

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 608B

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 608B