187f194d3c81261e8217a85ba0463fb8624cdcc4740a8adc8f1865fc3c342c19_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

187f194d3c81261e8217a85ba0463fb8624cdcc4740a8adc8f1865fc3c342c19_NeikiAnalytics.exe
Size

196KB
MD5

8a1678ba068f0741dddbb973ed935e50
SHA1

9bd383e1c939461db3b307c91be9f15489601269
SHA256

187f194d3c81261e8217a85ba0463fb8624cdcc4740a8adc8f1865fc3c342c19
SHA512

3d9007d42dd5c93b0f67598f3ff7c1218803d8d3ddd7ddd508ff436f25d1ffb8f93efe89cc758fe17f1f031ed94550039e0e819c953bc1f4446ada08c9cb8fe4
SSDEEP

3072:a+S/J+63hKDnpzRD6k/r4rwRbS4TYJgzCXgYCmo19ihpMxpoIgXBJ6Lcwei8O:ugoQDnlck/rlqFyihpMu6rX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
187f194d3c81261e8217a85ba0463fb8624cdcc4740a8adc8f1865fc3c342c19_NeikiAnalytics.exe

Files

187f194d3c81261e8217a85ba0463fb8624cdcc4740a8adc8f1865fc3c342c19_NeikiAnalytics.exe
.dll windows:10 windows x86 arch:x86

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olesvr32.pdb

Imports

msvcrt

_vsnwprintf
??3@YAXPAX@Z
_purecall
_errno
wcsncmp
memcpy
memcmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
lstrcmpA
GetCurrentThreadId
VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
IsWow64Process
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
lstrcmpiA
GlobalSize
GlobalGetAtomNameA
GlobalUnlock
GlobalFindAtomA
GlobalLock
GlobalFree
GlobalAlloc
GlobalAddAtomA
Sleep
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GlobalDeleteAtom
LocalUnlock
LocalFree
LocalAlloc
LocalLock
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError

advapi32

SetThreadToken
RegOpenKeyExA
EventUnregister
OpenThreadToken
OpenProcessToken
RegOpenUserClassesRoot
EventSetInformation
EventRegister
RegQueryValueExA
EventWriteTransfer
RegCloseKey

user32

GetParent
GetWindowLongA
SetTimer
PostMessageA
UnpackDDElParam
PackDDElParam
SendMessageA
CreateWindowExA
DefWindowProcA
EnumPropsA
SetWindowLongA
IsWindow
RegisterClassA
RegisterClipboardFormatA
GetWindowThreadProcessId
SetPropA
GetClassNameA
KillTimer
GetDesktopWindow
RemovePropA
GetPropA
SetWindowWord
EnumChildWindows
FreeDDElParam
DestroyWindow
GetWindow

gdi32

CopyMetaFileA
CreateBitmap
GetBitmapBits
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile
GetObjectA
SetBitmapBits
CopyEnhMetaFileA

ntdll

EtwTraceMessage

Exports

Exports

DeleteClientInfo
DocWndProc
EnumForTerminate
FindItemWnd
ItemCallBack
ItemWndProc
OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
SendDataMsg
SendRenameMsg
SrvrWndProc
TerminateClients
TerminateDocClients
WEP

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 143KB - Virtual size: 142KB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 143KB - Virtual size: 142KB