2d9041d66e03fe2947fbaa6ceb0b7860_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2d9041d66e03fe2947fbaa6ceb0b7860_NeikiAnalytics.exe
Size

1.2MB
MD5

2d9041d66e03fe2947fbaa6ceb0b7860
SHA1

ef717b12247de5eb9f0a78239119da01abb6a106
SHA256

9584352b8e8fca7c8245b844838d215fad7e09ca8d69febe795114c56ef84c60
SHA512

d883fe50a580148187c71c944f4bf3e9b8359425552f0353483eb0b0e3f6e7840eaf064431c475f5ee71b2f6bcb83e21a28e73d018c5e42b04164d60d218cb6d
SSDEEP

24576:oq5Xr575EmvUTin89AXYGSPogiZO3XtYHeDlaHc5G54+uvYE3:oar575XUTi8SXY8RSlaHiG5bwYY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9041d66e03fe2947fbaa6ceb0b7860_NeikiAnalytics.exe

Files

2d9041d66e03fe2947fbaa6ceb0b7860_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

d296c068b0ce75d772312a1681a6dc98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

gethostname
WSACleanup
WSAStartup
closesocket
WSAGetLastError
connect
gethostbyname
ntohl
freeaddrinfo
WSAStringToAddressA
setsockopt
sendto
send
recvfrom
listen
getsockopt
ioctlsocket
bind
accept
__WSAFDIsSet
getaddrinfo
socket
shutdown
select
htons

advapi32

GetUserNameW
CreateWellKnownSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceA
ReportEventA
AddAccessAllowedAceEx

user32

GetDesktopWindow
GetSystemMetrics
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

kernel32

CreateDirectoryW
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
SetStdHandle
GetExitCodeProcess
CreateProcessW
DeleteFileW
SetFileAttributesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
HeapSize
WriteConsoleW
GetFileAttributesExW
GetConsoleMode
LCMapStringW
CompareStringW
GetVersionExA
CloseHandle
WaitForSingleObject
Sleep
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileA
FindNextFileA
CreateDirectoryA
GetStdHandle
GetFileType
GetLastError
GetCurrentThreadId
GetVersion
GetModuleFileNameA
CreateFileA
GetVolumeInformationA
DeviceIoControl
GetFileAttributesA
GetFileInformationByHandle
GlobalFree
FindFirstFileW
FindNextFileW
CreateThread
ExitThread
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedCompareExchange
CreateMutexA
ReleaseMutex
FormatMessageA
GetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcess
TlsFree
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleA
ReadFile
WriteFile
GetFileSize
GetLocalTime
SetErrorMode
InterlockedIncrement
HeapReAlloc
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
UnlockFileEx
LockFileEx
SetEndOfFile
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
CreateFileW
GetTimeZoneInformation
GetFullPathNameW
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
DecodePointer

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 922KB - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d296c068b0ce75d772312a1681a6dc98

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

advapi32

user32

kernel32

shell32

ole32

oleaut32

winhttp

Sections

.text Size: 922KB - Virtual size: 921KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 125KB - Virtual size: 1.3MB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 922KB - Virtual size: 921KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 125KB - Virtual size: 1.3MB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 37KB - Virtual size: 37KB