312c2354552c782eff55e503cc1a5310_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

312c2354552c782eff55e503cc1a5310_NeikiAnalytics.exe
Size

52KB
MD5

312c2354552c782eff55e503cc1a5310
SHA1

0d48c1eeaa543a8ed8839055a4915a078b90f7a6
SHA256

abad253d648e70514020cf5d261bd3ccedf524b1093fc334449fe973f5a707ba
SHA512

474b812dfea51807aac07d21d40e503ba0dd4155151540e88842922cce76aa8c68911f8ec50f484faa1a56515f4d9c52ea869e79fcbfc7b8690e41fa577fdd1f
SSDEEP

768:ivpwhjugCxk6mm6CzSNrvO4x+97vXbBoc6x3EmzhVuZFQMHKn4vrjQs5dQdnvfHz:iwLCSFefsYzLBYx3dzoOMuUAsvWJl

Score

1^/10

Malware Config

Signatures

Files

312c2354552c782eff55e503cc1a5310_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

a06da33b16c95ea920f8fa017cf26caf

Code Sign

3d:26:1f:2f:07:18:e1:83:4f:40:62:3d:2b:e2:2b:26
Certificate

Issuer

CN=Microsoft Windows,C=US

Not Before

15/07/2015, 17:59

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Windows,C=US

a6:ff:4e:03:3a:32:a7:d6:65:00:d1:08:05:6f:e7:d2:f8:db:e4:27
Signer

Actual PE Digest

a6:ff:4e:03:3a:32:a7:d6:65:00:d1:08:05:6f:e7:d2:f8:db:e4:27

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcscpy
__C_specific_handler
IofCompleteRequest
KeWaitForSingleObject
_local_unwind
ObfDereferenceObject
ObReferenceObjectByHandle
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
ObQueryNameString
wcscmp
KeStackAttachProcess
KeDelayExecutionThread
wcsncpy
wcsstr

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a06da33b16c95ea920f8fa017cf26caf

Code Sign

3d:26:1f:2f:07:18:e1:83:4f:40:62:3d:2b:e2:2b:26Certificate

a6:ff:4e:03:3a:32:a7:d6:65:00:d1:08:05:6f:e7:d2:f8:db:e4:27Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 288B

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 372B

INIT Size: 512B - Virtual size: 510B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 146B

.bdata Size: 25KB - Virtual size: 24KB

3d:26:1f:2f:07:18:e1:83:4f:40:62:3d:2b:e2:2b:26
Certificate

a6:ff:4e:03:3a:32:a7:d6:65:00:d1:08:05:6f:e7:d2:f8:db:e4:27
Signer

.text
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 288B

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 372B

INIT
Size: 512B - Virtual size: 510B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 146B

.bdata
Size: 25KB - Virtual size: 24KB