3a633abb7df5f5afeabc7f896cf4a440_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a633abb7df5f5afeabc7f896cf4a440_NeikiAnalytics.exe
Size

516KB
MD5

3a633abb7df5f5afeabc7f896cf4a440
SHA1

176c06132c3d1b5cfc7a723fae660adea78db8ef
SHA256

df4128d599ec542112c3807b9724a5b864d97f5a70159578379ecd16157fe8f3
SHA512

7c8eb84cb2322f0ac82cd59002b0443e9b9d9f4f50ae5b88a8d77bd828eae6683044b22bcd69050ef7ff7fe594a4a3c75570dedeada8974db6a4046abb5f7515
SSDEEP

12288:w1QskmuqYS4MmvcsODkfBxeg9/3hi/R6uHHoCBwQbCewqmS:wXbrKM/gJcgxYpvtB1bCewRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a633abb7df5f5afeabc7f896cf4a440_NeikiAnalytics.exe

Files

3a633abb7df5f5afeabc7f896cf4a440_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

7236284ac5e45ce6c03d0dda35f6fbbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetFileSize
FindNextFileA
FindClose
CloseHandle
CreateFileA
GetCurrentProcessId
GetEnvironmentVariableA
FindFirstFileA
DeviceIoControl
ReadFile
WriteFile
GetVersion
LocalFree
GetLocalTime
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleHandleA
Sleep
GetVersion
GetModuleHandleA
GetProcAddress
GetModuleHandleA

user32

MessageBoxA
PostMessageA

mfc42

ord2575

msvcrt

__set_app_type

shell32

SHGetDesktopFolder

ngio18

?ErrorMessage@CError@@SAHHI@Z

ngframe18

?InitInstance@CBaseApp@@UAEHXZ

hlvdd

ord7

advapi32

RegOpenKeyExA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.protect
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE