df2e1c07f63950830fae5d554574b650_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe
Size

592KB
MD5

df2e1c07f63950830fae5d554574b650
SHA1

d6173aba30898a17b4827798b811230f9312b4c2
SHA256

bb1a2c1ecf168a2d6bd3475d3f285f317d7d79376774141f13962a374b5bf05a
SHA512

d67e353d60dbe348fa5ed026e81fdb29bb0140ea855158b7a32b35598f8e88d8e08ef5723ee8f9553499f1c100a007188a873b6469449e63b09cd7b70f9f937d
SSDEEP

12288:swyjwnjUIhRciGcyackqEIcYkC4VaDiGhYCKaqTDi+awjXN2:sELRciGblkqo29AJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe

Files

df2e1c07f63950830fae5d554574b650_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

96fc78ad39950842202fefacf9e36d8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bt\176\target\retail\i386\OGAVerify.pdb

Imports

kernel32

SetEndOfFile
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSetInformation
GetFileAttributesA
GetModuleFileNameA
GetLastError
LoadLibraryW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
IsDebuggerPresent
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
CloseHandle
FlushFileBuffers
CreateFileW
ReadProcessMemory
GlobalFree
GlobalAlloc
FindClose
FindFirstFileA
FindFirstFileW
GetSystemDirectoryA
GetSystemDirectoryW
GetDriveTypeA
CreateMutexA
CreateDirectoryW
GetCurrentDirectoryW
CreateDirectoryA
GetTempPathA
LocalFree
LocalAlloc
MoveFileA
DeleteFileA
TryEnterCriticalSection
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetComputerNameW
CompareFileTime
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
WaitForSingleObject
ReleaseMutex
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DeviceIoControl
GetSystemDefaultLangID
FindNextFileA
ReadFile
lstrlenA
lstrlenW
GetSystemInfo
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
ResumeThread
SetThreadAffinityMask
CreateThread
GetProcessAffinityMask
GlobalMemoryStatus
GetVolumeInformationA
GetLogicalDriveStringsA
GetExitCodeThread
GetSystemTime
InitializeCriticalSectionAndSpinCount
GetVersion
VirtualProtect

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
CopySid
GetLengthSid
OpenThreadToken
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
CryptDestroyKey
RegQueryInfoKeyW
RegEnumValueW
CryptImportKey
RegEnumKeyExW
RegEnumKeyExA
GetCurrentHwProfileA
GetCurrentHwProfileW
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
CryptDecrypt

ole32

CoCreateGuid
CLSIDFromProgID
IIDFromString
CoInitializeEx
StringFromGUID2
CoSetProxyBlanket
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
VariantInit
SysFreeString
SysAllocString

crypt32

CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertCreateCertificateContext
CertCloseStore
CertComparePublicKeyInfo
CertOpenStore
CryptExportPublicKeyInfo
CertFindExtension
CertEnumCertificatesInStore
CryptUnprotectData
CryptProtectData
CertVerifySubjectCertificateContext

wininet

InternetErrorDlg
InternetQueryOptionA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetAutodial
InternetGetConnectedState
HttpQueryInfoA
InternetReadFile
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

user32

GetDesktopWindow
GetSystemMetrics
wsprintfA
BroadcastSystemMessageA

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

96fc78ad39950842202fefacf9e36d8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

crypt32

wininet

setupapi

version

user32

Sections

.text Size: 451KB - Virtual size: 451KB

.data Size: 32KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 451KB - Virtual size: 451KB

.data
Size: 32KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 100KB - Virtual size: 100KB