0f6e01e0723b89a48cf1bbc34fa4a31e53e1632057f84f93f21b72d40fb120f1_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0f6e01e0723b89a48cf1bbc34fa4a31e53e1632057f84f93f21b72d40fb120f1_NeikiAnalytics.exe
Size

72KB
MD5

6e6b7e4b8f5c7f8659b66cd4c3dfb680
SHA1

865dccc19395f27ff2d994ce630c69e6b5d2cc43
SHA256

0f6e01e0723b89a48cf1bbc34fa4a31e53e1632057f84f93f21b72d40fb120f1
SHA512

755074d4a150fe592a30cc0c52bd8201b55115069da7fc65e6922d0dcfae3d48614764a2a18cc009e07c577e94452d1bb1682d3cd534a0a6772f6f3c2481dcc6
SSDEEP

1536:jvkXkd5/2t/WWqWhuCWqslhIcJQcTlpHpyL8r1LTs:jvk25SWWThojIcJQcTlpHpFr5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f6e01e0723b89a48cf1bbc34fa4a31e53e1632057f84f93f21b72d40fb120f1_NeikiAnalytics.exe

Files

0f6e01e0723b89a48cf1bbc34fa4a31e53e1632057f84f93f21b72d40fb120f1_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

a3a16123a174639264764355d4a40ced

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

compact.pdb

Imports

kernel32

GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetLocaleInfoW
GetConsoleMode
FormatMessageW
WriteConsoleW
WideCharToMultiByte
GetFileType
GetFullPathNameW
GetLastError
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetThreadPreferredUILanguages
GetSystemTimeAsFileTime
Sleep
PowerCreateRequest
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlLookupFunctionEntry
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetTickCount

ntdll

RtlDecompressBufferEx
RtlCompressBuffer
RtlAcquirePrivilege
NtPowerInformation
RtlFreeHeap
RtlGetNtProductType
NtSetInformationThread
RtlRandom
RtlAllocateHeap
RtlGetCompressionWorkSpaceSize
RtlNtStatusToDosError
NtQueryVolumeInformationFile

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
GetVolumePathNameW
FindNextFileW
FindClose
FindFirstFileW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegLoadKeyW

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
OpenThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-security-base-l1-1-0

RevertToSelf
AdjustTokenPrivileges
ImpersonateLoggedOnUser
PrivilegeCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

msvcrt

__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncmp
swprintf_s
memcpy_s
_wcsnicmp
_wcsicmp
wcschr
wcscat_s
wcscpy_s
_get_osfhandle
exit
?terminate@@YAXXZ
__setusermatherr
_commode
_fmode
_initterm
__C_specific_handler
_cexit
printf
memcpy
_exit
memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3a16123a174639264764355d4a40ced

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

msvcrt

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-psapi-l1-1-0

Sections

.text Size: 32KB - Virtual size: 30KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 16KB

.pdata Size: 4KB - Virtual size: 900B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 196B

.text
Size: 32KB - Virtual size: 30KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 900B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 196B