25903f5756dca618d0fa737238108930_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

25903f5756dca618d0fa737238108930_NeikiAnalytics.exe
Size

409KB
MD5

25903f5756dca618d0fa737238108930
SHA1

582470a8a3ebe1706c9df5b31c8541d9e9bdcebd
SHA256

3fb0e267b094d79fcb304093b73d947554e06320f02ebad1e4753691276b284c
SHA512

6c102bc4cd56ff1a6de14ecb03cb1930cfc2ebbbcca5bb61285afb1f913f6c4817fa5f8fcf6e061317400777f0324fb96f9b7ebb1c77f3641ca9a412bfe2facd
SSDEEP

6144:ILhN4GJjh73bn1hgE8EU7Ad4oXRsm+2OmIK:ILhN4GJjF3b1hgE8A2oXRtv6K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25903f5756dca618d0fa737238108930_NeikiAnalytics.exe

Files

25903f5756dca618d0fa737238108930_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

f35802c5b4c983304b2892d7d96b4f0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\wix38\build\ship\x86\wixca.pdb

Imports

msi

ord121
ord8
ord17
ord125
ord47
ord64
ord80
ord103
ord34
ord171
ord74
ord73
ord145
ord120
ord118
ord116
ord143
ord26
ord166
ord163
ord160
ord159
ord162
ord32
ord124
ord49
ord51
ord119

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupAccountSidW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfig2W
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
RegCloseKey
RegOpenKeyExW
CreateWellKnownSid
LookupAccountNameW

user32

DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
TranslateMessage
GetMessageW
GetSystemMetrics
SendMessageTimeoutW
EnumWindows
GetWindowThreadProcessId
IsDialogMessageW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetStdHandle
GetModuleFileNameA
RtlUnwind
LoadLibraryExW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetModuleHandleExW
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetWindowsDirectoryW
OpenProcess
TerminateProcess
GetLastError
SetLastError
CloseHandle
FreeLibrary
GetProcAddress
LocalFree
GetVersionExW
FindClose
FindFirstFileW
FindNextFileW
lstrcmpW
GetCurrentProcess
FormatMessageW
lstrcmpiW
WriteFile
GetTempPathW
CreateFileW
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetCurrentProcessId
SetFilePointer
LoadLibraryW
WriteConsoleW
GetSystemDirectoryW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
CreatePipe
GetModuleHandleW
CreateProcessW
GetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalFree
GetFileSizeEx
ReadFile
SetFilePointerEx
GetFileTime
SetFileTime
ExpandEnvironmentStringsW
GetFullPathNameW
SetFileAttributesW
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetProcessTimes
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
ExitProcess
GetModuleHandleA
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GetTickCount
FlushFileBuffers

Exports

Exports

CAQuietExec
CAQuietExec64
CommitCAScriptCleanup
ExecSecureObjects
ExecSecureObjectsRollback
ExecServiceConfig
ExecXmlConfig
ExecXmlConfigRollback
ExecXmlFile
ExecXmlFileRollback
RollbackServiceConfig
SchedSecureObjects
SchedSecureObjectsRollback
SchedServiceConfig
SchedXmlConfig
SchedXmlFile
WixCheckRebootRequired
WixCloseApplications
WixCloseApplicationsDeferred
WixCreateInternetShortcuts
WixExitEarlyWithSuccess
WixFailWhenDeferred
WixQueryOsDirs
WixQueryOsDriverInfo
WixQueryOsInfo
WixQueryOsWellKnownSID
WixRegisterRestartResources
WixRemoveFoldersEx
WixRollbackInternetShortcuts
WixSchedInternetShortcuts
WixShellExec
WixShellExecBinary
WixWaitForEvent

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f35802c5b4c983304b2892d7d96b4f0d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

advapi32

user32

oleaut32

shell32

ole32

version

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB