2583a5105b61b4a0b80f689aebac6e40_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2583a5105b61b4a0b80f689aebac6e40_NeikiAnalytics.exe
Size

2.0MB
MD5

2583a5105b61b4a0b80f689aebac6e40
SHA1

b306668edfcda06e1617888a7d4761a922d58e9a
SHA256

ee71d4377d086761ada74cc6f4be5d80d90e1f0f09a716cbb6a1f3942e4f4815
SHA512

671105c66730b30be086adf92f762860c1fff421616abfa42e0c265df39bc0ecbcf371a649310e37c23577745371a0dde056dd2a04761c1a7c94c34c9c8998ab
SSDEEP

49152:Yl20i8Ewu1R1v0njTDQRy1w0mQKKYpWwl1+NY:b0R4p0nfDQFKYpfg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2583a5105b61b4a0b80f689aebac6e40_NeikiAnalytics.exe

Files

2583a5105b61b4a0b80f689aebac6e40_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

84399b5970253b8a34d4dbb90a05e4ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegGetValueW
RegCloseKey
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA

kernel32

GetFileType
WriteConsoleW
GetCurrentProcess
LeaveCriticalSection
LoadLibraryW
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
SetErrorMode
RtlCaptureContext
GetCurrentThread
GetCurrentThreadId
GetLastError
GetCurrentProcessId
CloseHandle
ExpandEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
GetNativeSystemInfo
GetProcessTimes
GetCommandLineW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetLongPathNameW
GetConsoleMode
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetModuleHandleW
GetFileAttributesW
CreateFileW
GetCurrentDirectoryW
CreateDirectoryW
SetCurrentDirectoryW
GetVolumePathNameW
GetDriveTypeW
GetFinalPathNameByHandleW
Sleep
GetFileInformationByHandle
MoveFileExW
SetFileTime
CreateFileMappingW
MapViewOfFile
VirtualQuery
DuplicateHandle
UnmapViewOfFile
FlushFileBuffers
GetSystemInfo
FindFirstFileExW
GetSystemTime
SystemTimeToFileTime
SetFileInformationByHandle
ReadFile
MultiByteToWideChar
WideCharToMultiByte
RaiseException
WaitForSingleObject
CreateProcessW
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
SetProcessAffinityMask
ResumeThread
TerminateProcess
K32GetProcessMemoryInfo
GetExitCodeProcess
SearchPathW
FormatMessageA
LocalFree
VirtualProtect
FreeLibrary
LoadLibraryExA
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
InitializeSListHead
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount

msvcp140

?_Xbad_function_call@std@@YAXXZ
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_destroy_in_situ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__current_exception_context
__current_exception
__CxxFrameHandler3
strchr
memchr
memset
_purecall
memcmp
memmove
memcpy
_except_handler4_common
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

abort
exit
_invoke_watson
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_set_error_mode
_set_abort_behavior
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
signal
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_c_exit

api-ms-win-crt-string-l1-1-0

isupper
wcslen
tolower
strnlen
islower
isalnum
strncmp
strcmp
toupper
isalpha
strlen

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand
_byteswap_ushort

api-ms-win-crt-stdio-l1-1-0

__p__commode
_open_osfhandle
__acrt_iob_func
_lseek
_write
_close
fflush
_set_fmode
_get_osfhandle
_fileno
_lseeki64
__stdio_common_vsprintf
_setmode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

log10
ceil
__setusermatherr

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
asctime

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84399b5970253b8a34d4dbb90a05e4ed

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 612KB - Virtual size: 616KB