17e805291e8c74bd959946d8829201b0bd226af00fa4d3ccebd288b3f56e943c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

17e805291e8c74bd959946d8829201b0bd226af00fa4d3ccebd288b3f56e943c_NeikiAnalytics.exe
Size

464KB
MD5

aee28cdc9f5892a5a2b3f086780c1c00
SHA1

5bd57176ed0516164e843db2e3d300c7b81449f0
SHA256

17e805291e8c74bd959946d8829201b0bd226af00fa4d3ccebd288b3f56e943c
SHA512

e8accb733629bf0c5395f1ccbb069a41b8b58998269ac494c0bbaf070e2fff83840c03cef74df4d70278851cf1fc5deb5f15f118c6347161aa7c69abf45f6ee9
SSDEEP

6144:W0NN+Fi+X61tDjpX//ukdtpCj3x/dcIOEfwuWVQG2xjzs39fhwD:EFiLFjZ//xdabxnOZLGo9+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e805291e8c74bd959946d8829201b0bd226af00fa4d3ccebd288b3f56e943c_NeikiAnalytics.exe

Files

17e805291e8c74bd959946d8829201b0bd226af00fa4d3ccebd288b3f56e943c_NeikiAnalytics.exe
.dll regsvr32 windows:10 windows x64 arch:x64

d15e0a6a557afaa235b89a36c245717f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

swprv.pdb

Imports

msvcrt

free
realloc
malloc
wcscat_s
_wtoi64
iswdigit
_vsnprintf
wcscpy_s
wcsncmp
_wcsnicmp
_vsnwprintf
_wcsicmp
wcschr
towupper
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler4
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
memcpy
memmove
_errno
_beginthreadex
memcmp
??1type_info@@UEAA@XZ
__C_specific_handler
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_callnewh
_purecall
_XcptFilter
memset

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadToken
OpenProcessToken
GetCurrentThread
OpenThreadToken
ResumeThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetWaitableTimer
InitializeCriticalSectionEx
CreateEventW
EnterCriticalSection
CreateWaitableTimerExW
CancelWaitableTimer
WaitForSingleObject
ResetEvent

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

ReadFile
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNameW
GetFileAttributesW
CreateFileW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
FindVolumeClose

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceExW
LoadLibraryExW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegDeleteTreeW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemWindowsDirectoryW
GetComputerNameExW
GetVersionExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapDestroy
HeapAlloc

ntdll

RtlCompareMemory
NtQueryInformationProcess
NtQueryVolumeInformationFile
RtlNtStatusToDosErrorNoTeb
RtlInitializeBitMap
NtQuerySystemInformation
RtlNtStatusToDosError
RtlTimeToElapsedTimeFields
WinSqmAddToStream

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

devobj

DevObjGetDeviceInterfaceDetail
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjGetDeviceRegistryProperty
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vsstrace

ord9
ord5
ord1
ord8
ord2
ord3
ord10
ord11
ord4
ord7
ord6

api-ms-win-security-base-l1-1-0

AddAce
InitializeAcl
AddAccessDeniedAceEx
GetAclInformation
AddAccessAllowedAceEx
IsValidSid
SetSecurityDescriptorDacl
DuplicateTokenEx
AdjustTokenPrivileges
AllocateAndInitializeSid
GetAce
CreateWellKnownSid
SetSecurityDescriptorGroup
CheckTokenMembership
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
GetTokenInformation

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
ReportEventW
DeregisterEventSource

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

virtdisk

GetStorageDependencyInformation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d15e0a6a557afaa235b89a36c245717f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

ntdll

api-ms-win-core-file-l1-2-0

devobj

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

vsstrace

api-ms-win-security-base-l1-1-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

virtdisk

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 298KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 12KB - Virtual size: 10KB

.didat Size: 4KB - Virtual size: 488B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1024B

.text
Size: 300KB - Virtual size: 298KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 12KB - Virtual size: 10KB

.didat
Size: 4KB - Virtual size: 488B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1024B