C:\Users\reborn\Downloads\dnscat2-master\client\win32\Release\dnscat2.pdb
Behavioral task
behavioral1
Sample
292f46672c104f01a5ad83de47eb1aa0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
292f46672c104f01a5ad83de47eb1aa0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
292f46672c104f01a5ad83de47eb1aa0_NeikiAnalytics.exe
-
Size
186KB
-
MD5
292f46672c104f01a5ad83de47eb1aa0
-
SHA1
b73ac5b172ccb77b19a661402fd7d87bb6c2a92e
-
SHA256
389e2ad2b1032b2f5c3c68d8c22a57742c359a354ddae5e1b1c590a605215cba
-
SHA512
2f12bcc792c4785adfba6486dfcc3603777b61775211155295429dc763bdb0ae00e2f4db8646fbdbeeb0325cdff209945377fa60821309e85d3e328d1d765289
-
SSDEEP
3072:CVm1f9xll31HTmQ8aWrvKlJ9zzHVbXU5JV6WRwtmUjxug49VWrS5L3TexGOc173w:31f9zTrMryJ93VzUjkWethug48M3Temf
Malware Config
Signatures
-
Detects dnscat2 (1 IoC)
Processes:
  resource   yara_rule
  sample     tool_dnscat2
-
Dnscat2 family
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
  resource
  292f46672c104f01a5ad83de47eb1aa0_NeikiAnalytics.exe
Files
-
292f46672c104f01a5ad83de47eb1aa0_NeikiAnalytics.exe.exe
  Tags: windows:6 windows x86 arch:x86
  Imphash: a7f7ed7f1c26d9e4b38a678d2cf4e715
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\reborn\Downloads\dnscat2-master\client\win32\Release\dnscat2.pdb
Imports
Note: dnsapi!DnsQueryConfig reads the host's configured DNS servers; ws2_32 socket/sendto/recvfrom/select handle the network traffic; kernel32 CreatePipe/CreateProcessA/PeekNamedPipe run a child process with redirected standard handles; advapi32 CryptGenRandom supplies random bytes. Together with the PDB path and the YARA match, this import set is consistent with the dnscat2 client.
ws2_32
htons
sendto
setsockopt
WSAGetLastError
bind
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
ioctlsocket
__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
recv
getsockopt
WSAStringToAddressA
htonl
gethostname
dnsapi
DnsQueryConfig
kernel32
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
FlushFileBuffers
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetACP
GetTimeZoneInformation
GetSystemTimeAsFileTime
WriteFile
TerminateProcess
CreatePipe
CloseHandle
CreateProcessA
ReadFile
GetStdHandle
PeekNamedPipe
Sleep
GetLastError
CreateThread
FormatMessageA
GetConsoleCP
WriteConsoleW
SetEndOfFile
ReadConsoleW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
GetFullPathNameW
MultiByteToWideChar
SetStdHandle
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
Sections
.text   Size: 128KB - Virtual size: 128KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 46KB - Virtual size: 46KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 2KB - Virtual size: 5KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 512B - Virtual size: 480B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 7KB - Virtual size: 6KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
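The "Unsigned PE" signature, the DLL Characteristics under Headers and the section flags above are all read straight from the PE headers. The following is an added example (not the sandbox's code and not part of dnscat2) that reproduces those checks with only the Python standard library: it parses the COFF and optional headers, tests DYNAMIC_BASE and NX_COMPAT, treats an empty Security data directory (index 4) as "no Authenticode certificate attached", and flags any section that is both writable and executable. The `build_minimal_pe32` helper constructs a header-only PE32 whose values are chosen to mirror this report (the constants 0x8140, 0x60000020 and 0xC0000040 are the assumed flag words); it is not the analysed binary and is not loadable.

```python
"""Static PE checks mirroring a sandbox report's Headers/Sections/Unsigned PE findings.

Added example (not from the sandbox or from dnscat2). Uses only the standard
library; the sample PE built below is constructed for testing and mirrors the
report's values rather than being the analysed file.
"""
import struct

# Flag values from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # attached Authenticode certificate table
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def analyse_pe(data: bytes) -> dict:
    """Parse the COFF header, optional header and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The Security entry holds a raw file offset (not an RVA) and a size.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, rsize, _rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize,
            "execute": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "write": bool(chars & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "machine": machine,
        "file_characteristics": file_chars,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Presence only: a non-empty table does not mean the signature is valid.
        "has_certificate_table": sec_size > 0,
        "rwx_sections": [s["name"] for s in sections if s["execute"] and s["write"]],
        "sections": sections,
    }


def build_minimal_pe32(dll_characteristics: int, sections, cert_size: int = 0) -> bytes:
    """Construct a header-only PE32 image for testing (no code, not loadable)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine 0x14C (i386), 224-byte optional header, EXECUTABLE_IMAGE|32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, cert_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000 * (i + 1),
                    rsize, 0x400, 0, 0, 0, 0, chars)
        for i, (name, vsize, rsize, chars) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to mirror this report: DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE,
# .text code/execute/read, .data initialized-data read/write, no certificate table.
REPORT_LIKE_PE = build_minimal_pe32(
    0x8140,
    [(".text", 0x20000, 0x20000, 0x60000020),
     (".data", 0x1400, 0x800, 0xC0000040)],
)

if __name__ == "__main__":
    r = analyse_pe(REPORT_LIKE_PE)
    print(f"ASLR={r['aslr']} DEP={r['dep']} cert_table={r['has_certificate_table']} rwx={r['rwx_sections']}")
    for s in r["sections"]:
        print(f"{s['name']:<8} raw={s['raw_size']:#x} virtual={s['virtual_size']:#x} X={s['execute']} W={s['write']}")
```

Two caveats when reading such results: a raw size smaller than the virtual size (as with .data here, 2KB on disk versus 5KB mapped) is normal for zero-initialised data and is not by itself a packing indicator, and a present certificate table only shows that something is attached; whether it chains to a trusted root has to be checked with WinVerifyTrust or an equivalent verifier.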