340b466a1f9a629577dc90aeb62f060812c9b6f6d90799a5f606dbd7a618f0b4_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

340b466a1f9a629577dc90aeb62f060812c9b6f6d90799a5f606dbd7a618f0b4_NeikiAnalytics.exe
Size

104KB
MD5

82e6b73dda003b64b14ba6238f407320
SHA1

fd755b6260d70859f95d99f896481d7635afb4db
SHA256

340b466a1f9a629577dc90aeb62f060812c9b6f6d90799a5f606dbd7a618f0b4
SHA512

03f4f1fab13d080a7025d379cce1a301b83f2750631f348e37cbb3d12684f80714c6fe0606f5f1deb3db54ab32f3dcb328c19e208aabde0cb884bb1c488bbae3
SSDEEP

1536:qOzQn4X1PuMa6PVyyTfySKhnuEUr0vD+tMyNzbnh9DY2El:qO64dYsTfIog+tZnh9DYhl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
340b466a1f9a629577dc90aeb62f060812c9b6f6d90799a5f606dbd7a618f0b4_NeikiAnalytics.exe

Files

340b466a1f9a629577dc90aeb62f060812c9b6f6d90799a5f606dbd7a618f0b4_NeikiAnalytics.exe
.dll windows:10 windows x64 arch:x64

bddfc4b54c40a7697d272438b07198b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSMON.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wtoi
iswdigit
_wcsicmp
wcsstr
_wsplitpath_s
__CxxFrameHandler4
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
_itow
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

spoolss

GetJobW
SetJobW
OpenPrinterW
ClosePrinter

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
DelayLoadFailureHook
ResolveDelayLoadedAPI
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
OutputDebugStringW
RegOpenKeyExW
RegQueryValueExW
DisableThreadLibraryCalls
lstrcmpW
LocalAlloc
LocalFree
CloseHandle
DeleteFileW
GetLastError
SetLastError
GetTempPath2W
GetTempFileNameW
CreateFileW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
FlushFileBuffers
GetFileSize
WriteFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
GetModuleFileNameW
LoadLibraryW
FreeLibrary
ExpandEnvironmentStringsW
RegCloseKey
GetProcAddress
WideCharToMultiByte

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bddfc4b54c40a7697d272438b07198b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-processthreads-l1-1-0

spoolss

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 4KB - Virtual size: 120B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 232B

.text
Size: 56KB - Virtual size: 53KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 4KB - Virtual size: 120B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 232B