6d193a80ee1101c55f4301604d7d2660_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6d193a80ee1101c55f4301604d7d2660_NeikiAnalytics.exe
Size

356KB
MD5

6d193a80ee1101c55f4301604d7d2660
SHA1

86dbe2ee02381e96333efd0d0a158c1e8c565085
SHA256

a56d583c70944c83ca6def374941e031384f8fefdb2a418d717492b783e92477
SHA512

eed5e5a1fec23f06ecb0dde0eb62dfea3f23ef0e601f0de0666cf48ed087c280cf80be09128bd8d2806b46a77644a80fc16eb0bc2bc86962fb21b28520be4fc6
SSDEEP

6144:OmWIzs9lWSPqbk4zmXGacNa/zAR2bKo0S5c3TBQdDgvT+rb:tWEs9lWSwiXYNa/U7TWdDSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d193a80ee1101c55f4301604d7d2660_NeikiAnalytics.exe

Files

6d193a80ee1101c55f4301604d7d2660_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

ecc03f81a6a14b912b42d091a1593153

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\MultiSoft\T34\svn\T34\Project\_imfrd\Compress.pdb

Imports

winmm

timeGetTime

shlwapi

PathRelativePathToA
PathAddBackslashA
PathMatchSpecA
PathRemoveFileSpecA
PathSearchAndQualifyA

kernel32

GetOEMCP
SetEndOfFile
SetConsoleCtrlHandler
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
UnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SystemTimeToFileTime
GetSystemTime
GetFileAttributesExA
lstrcpyA
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
SetStdHandle
HeapFree
HeapAlloc
RaiseException
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetACP
DeleteFileA
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxA

Exports

Exports

?RegisterContainer@CPackedFileSystem@@UAIXABV?$basic_string@DV?$char_traits@D@std@@V?$__default_alloc_template@$0A@$0A@@2@@std@@@Z
GrForceLibrariesRelease
GrGetInstance

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecc03f81a6a14b912b42d091a1593153

Headers

File Characteristics

PDB Paths

Imports

winmm

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 8KB - Virtual size: 91KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 8KB - Virtual size: 91KB

.reloc
Size: 24KB - Virtual size: 23KB