25eaab7aa156f5ff24d6263408d0c030_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

25eaab7aa156f5ff24d6263408d0c030_NeikiAnalytics.exe
Size

260KB
MD5

25eaab7aa156f5ff24d6263408d0c030
SHA1

1408d73faa8f9316360518e181772cf910dffecc
SHA256

b91816e15a695c9e85b826ac29e876a3db3bbbfab884e2abfbf88862ce801d43
SHA512

04b6739fb8499095f776bfaf8ec57b3ed022690b221cabf87abc3369e08a964657a11fd1370bb41e033432972362309e334b99cbd17c4fbf152658777dd6b02b
SSDEEP

3072:2jB40UD675F5FYkZyhZyBqoUJqMFUNm1mEbY3JclRvI79TAU5021TVl9bJNs:YgD6lFjYkZIrBUNm1c3JclRr+DN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25eaab7aa156f5ff24d6263408d0c030_NeikiAnalytics.exe

Files

25eaab7aa156f5ff24d6263408d0c030_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

5a0264b5d8094a869d4a4abce1dbb53d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

bcdboot.pdb

Imports

msvcrt

memset
_wcsicmp
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memmove
memcpy
memcmp
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
_wsetlocale
wcscpy_s
fflush
swprintf_s
?terminate@@YAXXZ
strncmp
strcpy_s
wcsnlen
wcsstr
_wcslwr
_snwscanf_s
wcstoul
_ultow_s
wcsncpy_s
wcschr
_vsnwprintf_s
fclose
_wfopen_s
wcsncmp
wcsrchr
_vsnwprintf
wcscat_s
_wcsnicmp
_wcsupr
__iob_func
wcscmp

rpcrt4

UuidCreate

bcrypt

BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptHashData

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

imagehlp

CheckSumMappedFile

kernel32

SetLastError
GetLastError
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
FormatMessageW
LoadLibraryW
HeapAlloc
WriteConsoleW
GetProcAddress
GetProcessHeap
FreeLibrary
WideCharToMultiByte
GetFileType
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryDosDeviceW
GetFileSizeEx
GetLongPathNameW
GetVolumePathNameW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
GetVolumeNameForVolumeMountPointW
GetCurrentThread
CloseHandle
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
LocalFree
FindVolumeClose
DeleteVolumeMountPointW
FindNextVolumeW
GetFullPathNameW
LoadLibraryExW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
GetPrivateProfileSectionW
FindClose
SetFileAttributesW
MoveFileExW
CreateDirectoryW
DeviceIoControl
LoadResource
FindResourceExW
LCIDToLocaleName
GetVersionExW
GetModuleHandleExW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
LocaleNameToLCID
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
DeleteFileW
CopyFileExW
SearchPathW

shlwapi

PathRemoveBackslashW

advapi32

DuplicateTokenEx
EventRegister
EventUnregister
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
RegQueryValueExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
EventWriteTransfer
SetThreadToken

ntdll

ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenSymbolicLinkObject
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQuerySymbolicLinkObject
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
RtlFreeSid
RtlCreateAcl
RtlCreateSecurityDescriptor
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
ZwCreateFile
ZwCreateKey
ZwQueryAttributesFile
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
ZwOpenKey
ZwAllocateUuids
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwQueryInformationFile
ZwOpenProcess
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
ZwLoadKey
ZwClose
ZwOpenFile
ZwQuerySystemInformation
RtlAllocateHeap
NtQuerySystemEnvironmentValueEx
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
RtlCompareMemory
RtlFreeHeap
RtlStringFromGUID
NtSetInformationFile
RtlFreeUnicodeString
NtOpenFile
NtWaitForSingleObject
RtlNtStatusToDosError
NtQueryInformationThread
NtQueryInformationFile
NtCreateEvent
NtClose
RtlImageNtHeader
NtDeviceIoControlFile
NtSetInformationThread
NtReadFile
NtOpenProcess
NtQueryInformationProcess
NtWriteFile
RtlInitUnicodeString
RtlGUIDFromString
RtlAppendUnicodeToString

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a0264b5d8094a869d4a4abce1dbb53d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

bcrypt

wintrust

crypt32

imagehlp

kernel32

shlwapi

advapi32

ntdll

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 208B