28d94e96fda057f0778ff3258d08e64367779ee62b81a8ad81f872fe0ba9bab7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

28d94e96fda057f0778ff3258d08e64367779ee62b81a8ad81f872fe0ba9bab7_NeikiAnalytics.exe
Size

723KB
MD5

c7a316ad9c73695e17626b9e7ecdb590
SHA1

42514d3298d53c6d596fa125959ec25a8ed4ab92
SHA256

28d94e96fda057f0778ff3258d08e64367779ee62b81a8ad81f872fe0ba9bab7
SHA512

2577718bd12dfd4638565f0f7dbc1875e889af0d388246c10354da7058455205757fa601955fb4d140ba7d5294a2e8a6538163f115a140065f520fbce5ff7efa
SSDEEP

12288:WE8b8tiU0BuHUddhMCkQszRDxVEyIYOUaWB5anxvfusyJC6FnATTNej+U+R:TidsHUdZQzRLEyIlUarfujJC6FEca

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d94e96fda057f0778ff3258d08e64367779ee62b81a8ad81f872fe0ba9bab7_NeikiAnalytics.exe

Files

28d94e96fda057f0778ff3258d08e64367779ee62b81a8ad81f872fe0ba9bab7_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

176981fc6a241595b2c28176c72f27fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\ti\release\ti_rel\src\launcher_main\Release_relbase\tacint.pdb

Imports

shell32

ShellExecuteA

user32

MessageBoxA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
CoUninitialize

wsock32

WSAStartup
WSACleanup

steam_api

SteamAPI_RegisterCallResult
SteamAPI_Shutdown
SteamClient
SteamAPI_RestartAppIfNecessary
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_InitSafe

ws2_32

WSAGetLastError
closesocket
ioctlsocket
recv
send
freeaddrinfo
connect
socket
getaddrinfo
select
__WSAFDIsSet

tier0

Error
g_pMemAlloc
ThreadSleep
Warning
LoggingSystem_ResetCurrentLoggingState
Plat_ExitProcess
Plat_NoPerforce
Plat_DebugString
MemFreeScratch
MemAllocScratch
StackToolsNotify_LoadedLibrary
GetThreadedLoadLibraryFunc
?DevWarning@@YAXPBDZZ
Plat_FloatTime
COM_TimestampedLog
ShouldUseNewAssertDialog
Msg
RunTSQueueTests
RunTSListTests
?DevMsg@@YAXPBDZZ
Plat_VerifyHardwareKeyPrompt
LoggingSystem_RegisterLoggingListener
Plat_MessageBox
WriteMiniDump
Plat_IsInDebugSession
Plat_SetWindowPos
Plat_GetDesktopResolution
LoggingSystem_RegisterLoggingChannel
Plat_CreateWindow
CommandLine
?Lock@CThreadFastMutex@@ACEXII@Z
DevMsg
ReleaseThreadHandle
CreateSimpleThread

vstdlib

VStdLib_GetICVarFactory
KeyValuesSystem
V_UnicodeToUTF8
V_UTF8ToUnicode
RunThreadPoolTests

kernel32

GetFileAttributesA
MultiByteToWideChar
CreateFileW
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
WriteConsoleW
CreateFileA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
CreateProcessA
GetExitCodeProcess
CompareStringW
GetStringTypeW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameW
WriteFile
RtlUnwind
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
ReadFile
IsProcessorFeaturePresent
GetCurrentDirectoryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEnvironmentVariableW
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
ExitProcess
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
SetCurrentDirectoryA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CloseHandle
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetCurrentDirectoryA
SetPriorityClass
GetCommandLineA
GetCurrentThreadId
GetFullPathNameA
WideCharToMultiByte
GetProcAddress
LoadLibraryExA
GetCurrentProcessId
CreateFileMappingA
FreeLibrary
GetDriveTypeW
GetLastError
SetEnvironmentVariableA

Exports

Exports

CreateInterface

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

176981fc6a241595b2c28176c72f27fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

user32

advapi32

ole32

wsock32

steam_api

ws2_32

tier0

vstdlib

kernel32

Exports

Exports

Sections

.text Size: 289KB - Virtual size: 289KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 11KB - Virtual size: 44KB

.rsrc Size: 362KB - Virtual size: 361KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 289KB - Virtual size: 289KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 11KB - Virtual size: 44KB

.rsrc
Size: 362KB - Virtual size: 361KB

.reloc
Size: 24KB - Virtual size: 24KB