289584b163314cf9da860560bd2cf4a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

289584b163314cf9da860560bd2cf4a0_NeikiAnalytics.exe
Size

782KB
MD5

289584b163314cf9da860560bd2cf4a0
SHA1

39ea47e6bd7e65d3e5df5c0857b646a5e7a37f7d
SHA256

3311c70f4e30d3551ac256dc41bb9a5c33991a18b8a0ccd17bdcfd90078a32ed
SHA512

0b6ca97cc55035f666d7c2200bb77f2e256c16c1a2a6bde1d31c210635088d3eb728e6d0948b66cc2096b2405f1527976fe0ccbf3f7c963883d91b6308c4c48e
SSDEEP

12288:6BX57s8SHFqSO9dwOo0cnOXwJSmA+aEj6OZyNhw235vKOuKSy4iHf7bVWSfClKGk:c7/4F7/nRJSVSjYYiHf7bVWSfClKG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289584b163314cf9da860560bd2cf4a0_NeikiAnalytics.exe

Files

289584b163314cf9da860560bd2cf4a0_NeikiAnalytics.exe
.dll windows:6 windows

d0e1f717ea3c4394aeeabff5d019d697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140_app

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAA@XZ
_Strxfrm
??1_Lockit@std@@QAA@XZ
??0_Lockit@std@@QAA@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?c_str@?$_Yarn@D@std@@QBAPBDXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBAPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBADD@Z
??1facet@locale@std@@MAA@XZ
??0facet@locale@std@@IAA@I@Z
?_Decref@facet@locale@std@@UAAPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAAXXZ
??Bid@locale@std@@QAAIXZ
?_Getcoll@_Locinfo@std@@QBA?AU_Collvec@@XZ
??1_Locinfo@std@@QAA@XZ
??0_Locinfo@std@@QAA@PBD@Z
?_Random_device@std@@YAIXZ
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_timedwait
_Cnd_destroy_in_situ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAAHXZ

vcruntime140_app

__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strchr
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
memcpy
memmove
memset
memcmp

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_initterm
_cexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_beginthreadex
_execute_onexit_table
_crt_atexit
_errno
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64
_mktime64

api-ms-win-crt-convert-l1-1-0

strtod
strtoull
atol
strtol
strtoll
atof
atoi

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-string-l1-1-0

strlen
isspace
strncmp
strncpy
isalnum
isalpha
tolower
strcmp

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

ceilf
_dclass

api-ms-win-core-errorhandling-l1-1-0

RaiseException

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0e1f717ea3c4394aeeabff5d019d697

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140_app

vcruntime140_app

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

Exports

Exports

Sections

.text Size: 442KB - Virtual size: 442KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 20KB - Virtual size: 25KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 442KB - Virtual size: 442KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 20KB - Virtual size: 25KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 16KB - Virtual size: 16KB