121f7af19308747c8e4f42afa326a550_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

121f7af19308747c8e4f42afa326a550_NeikiAnalytics.exe
Size

1.6MB
MD5

121f7af19308747c8e4f42afa326a550
SHA1

fde05fc570e09be6d24ed48f0c31193a5611e152
SHA256

617b3fe15b5e92bff9d4eddfa91fbee850d0af2df75dfc9cb3fd81894d5bfc90
SHA512

a3e6736a114b96a26c6dad72b206439e073f3e231f9108e5eb761ea1aab2bcee46d82383415298a62071fd4c941f5dc6684e094d572c0e72e226ca3a8aa9e019
SSDEEP

49152:Y3kU9ppOmAZQcir73TTRqRf26zbrcq4/I3r0ZOE:YVHOn+coTpp6zb7/2O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
121f7af19308747c8e4f42afa326a550_NeikiAnalytics.exe

Files

121f7af19308747c8e4f42afa326a550_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

55c779ec0d4e782df6c9a70c67991f7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueW

gdi32

Arc

msimg32

AlphaBlend

ole32

IsEqualGUID

comctl32

ImageList_Add

winspool.drv

OpenPrinterA

shell32

ShellExecuteA
DragFinish

comdlg32

PrintDlgA

winmm

waveOutOpen

avifil32

AVISaveVW

msvfw32

DrawDibOpen

Sections

Size: 1.6MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE