a7dc9335b89af2dd5d13d461e0341b60_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a7dc9335b89af2dd5d13d461e0341b60_NeikiAnalytics.exe
Size

553KB
MD5

a7dc9335b89af2dd5d13d461e0341b60
SHA1

770a7b6f0692a8ad6e231e7a60d1d9e4ee41374a
SHA256

1bdb1320479afb75e83e780c13d1bde7e0751ad4a8aa4dbbd1ef5be552b5b4b0
SHA512

a93e998cff795b00c5dc2a0005a4e4708d2c2e88415f305dc8dcae4f9bb76e865cfaab2c1831342e8057733d50dd74f26d08a84695b09fada3d1e556cae4b1a1
SSDEEP

6144:DA6caPrOCt7OIwmaBviKGkixlhQ7Gp1ZKARC1L2C:P57OIwmaBviFrUARCd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7dc9335b89af2dd5d13d461e0341b60_NeikiAnalytics.exe

Files

a7dc9335b89af2dd5d13d461e0341b60_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

e52d2e6b72a65cb13777afbee7d7a88d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user0ff\Desktop\KDU-master\Source\Hamakaze\output\x64\Debug\kdu.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryExW
HeapCreate
HeapDestroy
HeapAlloc
DeleteFileW
ResumeThread
CreateProcessW
GetStartupInfoW
WriteProcessMemory
UnmapViewOfFile
GetModuleHandleW
GetCurrentProcessId
ReadFile
SetFilePointer
WriteFile
Sleep
TerminateProcess
VirtualLock
VirtualUnlock
CreateThread
ExitThread
TerminateThread
HeapSetInformation
GetSystemDirectoryW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
CreateEventW
VirtualFree
GetStdHandle
GetCommandLineW
GetSystemInfo
GetSystemTimeAsFileTime
VirtualAllocEx
ReadProcessMemory
CreateFileMappingW
MapViewOfFile
VirtualFreeEx
GetModuleFileNameW
FormatMessageW
GetFirmwareEnvironmentVariableW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
ExpandEnvironmentStringsW
GetCurrentDirectoryW
LoadLibraryW
Beep
HeapFree
WaitForSingleObject
CloseHandle
RtlCompareMemory
GetLastError
GetCurrentProcess
VirtualAlloc
SetDllDirectoryW
SetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetCurrentThreadId
VirtualQuery

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

RtlCreateAcl
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlGetCurrentPeb
NtAlpcCreatePort
NtAlpcDisconnectPort
NtAlpcAcceptConnectPort
LdrUnloadDll
RtlGetVersion
RtlDoesFileExists_U
NtCreateMutant
NtDuplicateObject
NtSetSecurityObject
LdrFindEntryForAddress
LdrGetProcedureAddress
NtQueryLicenseValue
RtlLengthRequiredSid
RtlTimeToSecondsSince1970
NtQueryObject
NtWaitForSingleObject
NtFsControlFile
NtReadFile
RtlSetDaclSecurityDescriptor
NtLoadDriver
NtUnloadDriver
NtOpenSection
NtSetValueKey
NtTerminateProcess
RtlNtdllName
LdrLockLoaderLock
LdrUnlockLoaderLock
NtOpenFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryInformationThread
NtOpenThread
NtOpenProcess
NtPrivilegeCheck
NtAdjustPrivilegesToken
NtQueryInformationToken
NtOpenProcessToken
NtFlushBuffersFile
NtWriteFile
NtCreateFile
RtlEqualSid
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtDeviceIoControlFile
RtlCreateSecurityDescriptor
NtOpenKey
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
LdrLoadDll
NtUnlockVirtualMemory
NtLockVirtualMemory
NtFreeVirtualMemory
NtQueryInformationFile
NtAllocateVirtualMemory
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
NtSetSystemInformation
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
RtlWow64EnableFsRedirectionEx
RtlSetLastWin32Error
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
RtlEqualUnicodeString
RtlImageNtHeader
LdrAccessResource
LdrFindResource_U
RtlInitString
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlPrefixUnicodeString
RtlFreeUnicodeString
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings
NtReplyWaitReceivePort

rpcrt4

UuidCreate

setupapi

SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetINFClassW
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW

newdev

UpdateDriverForPlugAndPlayDevicesW

bcrypt

BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptEncrypt

msdelta

DeltaFree
ApplyDeltaB

vcruntime140d

memchr
memcmp
__C_specific_handler
memset
__C_specific_handler_noexcept
__std_type_info_destroy_list
__current_exception
__current_exception_context
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy

ucrtbased

_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
_get_initial_narrow_environment
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
__p__commode
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
__stdio_common_vfwprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vfprintf_s
__stdio_common_vfprintf
fflush
__acrt_iob_func
_initialize_narrow_environment

Sections

.textbss
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e52d2e6b72a65cb13777afbee7d7a88d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

rpcrt4

setupapi

newdev

bcrypt

msdelta

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 124KB

.text Size: 274KB - Virtual size: 274KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 11KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 16KB

.idata Size: 12KB - Virtual size: 12KB

.msvcjmc Size: 12KB - Virtual size: 12KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 6KB - Virtual size: 5KB

.textbss
Size: - Virtual size: 124KB

.text
Size: 274KB - Virtual size: 274KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 11KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 16KB

.idata
Size: 12KB - Virtual size: 12KB

.msvcjmc
Size: 12KB - Virtual size: 12KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 6KB - Virtual size: 5KB