92c7697768bfb1d4f7ca808c274e1940_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

92c7697768bfb1d4f7ca808c274e1940_NeikiAnalytics.exe
Size

236KB
MD5

92c7697768bfb1d4f7ca808c274e1940
SHA1

de486a763fc58f18eef9c921dea41e0fb7a9eacf
SHA256

42d008796f01b90aa03bcac701e3209d61f265873d18ef2092311b8c5d6a9cb7
SHA512

2e2bd9bd29e635eeaf91e83e183474c41d2e26376c5c4e8bb37f8958ffc9538e2841e42f698421b56e2137e8de8f2019a2176a57d40b7ea92bb4558570693690
SSDEEP

3072:83ZPEnj8Q+m2Q+4DLiCt75DFk5aY277EIDgfK4qr9jNrRcREaSTQcz0D:83caQ+65DH77EIDgSRhxCEaSj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92c7697768bfb1d4f7ca808c274e1940_NeikiAnalytics.exe

Files

92c7697768bfb1d4f7ca808c274e1940_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

f36cd52d4a2a7f99b6b1822b41d71f97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SRINI\SDR\SDR - VS2005\Code\Bin\Release\ADService.pdb

Imports

kernel32

GetCurrentProcess
TlsGetValue
GetCommandLineA
CloseHandle
lstrcmpiA
SystemTimeToTzSpecificLocalTime
FreeLibrary
GetSystemTime
InterlockedExchange
MultiByteToWideChar
SetUnhandledExceptionFilter
FindFirstFileA
GetLocalTime
TlsFree
DeleteFileA
CreateFileMappingA
HeapAlloc
GetComputerNameA
TlsAlloc
MapViewOfFile
GetSystemTimeAsFileTime
UnmapViewOfFile
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetProcessHeap
TlsSetValue
LoadLibraryExA
GetFileSize
FindResourceA
InterlockedDecrement
CreateFileA
LoadResource
SetFilePointer
DeleteCriticalSection
SizeofResource
GetLastError
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
InterlockedIncrement
QueryPerformanceCounter
WriteFile
GetCurrentProcessId
InitializeCriticalSection
GetTickCount
FormatMessageA
lstrlenW
LeaveCriticalSection
IsDBCSLeadByte
GetCurrentThread
LocalFree
EnterCriticalSection
lstrlenA
WideCharToMultiByte
RaiseException
FindNextFileA
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
LoadLibraryA
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
VirtualFree
HeapCreate
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapReAlloc
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
GetStartupInfoA
RtlUnwind
SetLastError
Sleep
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
HeapDestroy

user32

LoadStringA
wsprintfA
PostThreadMessageA
MessageBoxA
UnregisterClassA
GetMessageA
DispatchMessageA
CharNextA
wvsprintfA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
RegisterServiceCtrlHandlerA
IsValidSid
GetLengthSid
CopySid
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
SetSecurityDescriptorOwner
StartServiceCtrlDispatcherA
SetSecurityDescriptorGroup
DeregisterEventSource
InitializeSecurityDescriptor
ReportEventA
RegisterEventSourceA
DeleteService
ControlService
CreateServiceA
SetServiceStatus
CloseServiceHandle
OpenServiceA
RegEnumKeyExA
OpenSCManagerA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
OpenThreadToken
RegDeleteKeyA

ole32

CoInitializeSecurity
CoTaskMemAlloc
CoRegisterClassObject
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoRevokeClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemRealloc

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
VariantClear
GetErrorInfo
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f36cd52d4a2a7f99b6b1822b41d71f97

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB