Static task: static1
Behavioral task: behavioral1
Sample: 9baa143d13aefb1a19fcc0ac49e30b10_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9baa143d13aefb1a19fcc0ac49e30b10_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 9baa143d13aefb1a19fcc0ac49e30b10_NeikiAnalytics.exe
Size: 471KB
MD5: 9baa143d13aefb1a19fcc0ac49e30b10
SHA1: a860a066f05978a709eb5da6096b065c643bfb91
SHA256: d06779a88e8d0e354c55d18c6662939e96d45a1538118ab2033cee42fdc12eec
SHA512: 83bb5c05e610ae6d4ecddb38d80dda271adf087921df0640f9e5c7d8a6e7a8023135dbe4b95fbf389474bd7d488bceb0636542a3e0b13862d2717cec6ad087cd
SSDEEP: 6144:gnOfQmLKh8GK412cz4vbswgHPF9ypr7c1IutteYTeW6zT7reShdOg1mPbnRL:zQaKJK4gS41c1dttBTRmPreiJYnR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9baa143d13aefb1a19fcc0ac49e30b10_NeikiAnalytics.exe
Files
9baa143d13aefb1a19fcc0ac49e30b10_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
adce88e3d7d8f1525c0d7ae5edc0b7ba
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc40
msvcrt40
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_initterm
__p__acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
strstr
malloc
free
tolower
sprintf
sqrt
_adj_fdiv_m32i
_adj_fdiv_m64
_setmbcp
__CxxFrameHandler
memcmp
memmove
strlen
vsprintf
_mbscmp
strncmp
_ftol
strtod
strtol
strcmp
strcpy
memset
toupper
strncpy
__p__pctype
_isctype
__p___mb_cur_max
strchr
_CxxThrowException
_controlfp
_mbsicmp
strcat
kernel32
VirtualFree
CreateFileA
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GlobalAlloc
GlobalLock
CloseHandle
GlobalFree
WaitForSingleObject
GlobalUnlock
ResetEvent
GetLastError
SetEvent
MapViewOfFileEx
GetTempFileNameA
SetFilePointer
DeleteFileA
SetProcessWorkingSetSize
GetTempPathA
GetFileAttributesA
CreateDirectoryA
GetCurrentProcess
SetConsoleTitleA
AllocConsole
CreateProcessA
CreatePipe
GetExitCodeProcess
DuplicateHandle
GenerateConsoleCtrlEvent
WriteFile
TerminateProcess
ReadFile
Sleep
PeekNamedPipe
GetModuleHandleA
GetStartupInfoA
GetVersion
SetEndOfFile
VirtualAlloc
user32
EnumWindows
IsWindow
IsClipboardFormatAvailable
ShowWindow
OffsetRect
LoadBitmapA
GetDC
GetWindowTextA
GetClipboardData
GetClientRect
CreatePopupMenu
AppendMenuA
EnableMenuItem
GetIconInfo
SetCursorPos
ClientToScreen
SetClipboardData
EnableWindow
FillRect
GetDesktopWindow
PostMessageA
SetForegroundWindow
BringWindowToTop
SetCursor
ScreenToClient
GetWindowRect
LoadMenuA
GetSubMenu
CheckMenuItem
GetMessagePos
SendMessageA
MessageBeep
GetSysColor
LoadIconA
LoadCursorA
InvalidateRect
ReleaseDC
PtInRect
CloseClipboard
OpenClipboard
gdi32
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateSolidBrush
DPtoLP
EnumFontFamiliesA
CreateHatchBrush
CreateFontA
GetTextExtentPointA
GetDeviceCaps
FloodFill
CreateDIBitmap
comctl32
ImageList_GetIcon
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_SetBkColor
ImageList_Draw
ImageList_AddMasked
wsock32
listen
WSAStartup
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ