metasploit | 185638cd19a0e5a27c414b670f367620_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

185638cd19a0e5a27c414b670f367620_NeikiAnalytics.exe
Size

52KB
MD5

185638cd19a0e5a27c414b670f367620
SHA1

d2833c9429f84d0e314a0d74032351430bd46a02
SHA256

c3a97fcc68779dc15537180fc9681c44b4617b0ebb2552ecbfab83d63b5b0f89
SHA512

ef400e791f0e29d2396f1c9559fe8ce6b7a93bad4a925a8fa3ad53e225901bd70da99b3b1eff5208c92d22f6c278e25c24e1c95b6fd137bee4a752541b15f1da
SSDEEP

768:bYr3fpEiIfewMy4V+bBDqMoPdR/GPKESgNKnjcdWRCisWjcdRHTRmgU2B:bYr3wfTK+bgPrES/cdqrsWjcdigU2B

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
185638cd19a0e5a27c414b670f367620_NeikiAnalytics.exe

Files

185638cd19a0e5a27c414b670f367620_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

9672132c88c2850e381b33c0e69486f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\BUILDS\Shellcode\Release\Shellcode.pdb

Imports

kernel32

GetConsoleWindow
CloseHandle
WriteConsoleW
GetCommandLineA
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW

user32

ShowWindow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9672132c88c2850e381b33c0e69486f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB