35db6667703e01f426f04be5410c7e493b3f4f2c8c75c041ee6297b54fa560ac_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

35db6667703e01f426f04be5410c7e493b3f4f2c8c75c041ee6297b54fa560ac_NeikiAnalytics.exe
Size

596KB
MD5

2c5c544c57d443112aa6a9e536f21620
SHA1

d12c40ee47fbf00eb2e3d7d62fa325831350ab18
SHA256

35db6667703e01f426f04be5410c7e493b3f4f2c8c75c041ee6297b54fa560ac
SHA512

a3a01dc35d99983168889e99f226857483de0ca9491efeeb1c6729c2203291643a3a7309aff5c38a7ba6aab439cd7eee503c2f1c78e6da196ef8167c0116e1d2
SSDEEP

12288:/hTwxeTve1W/CSYfpT+JfB36p7zQ8SaJFEcZpknslQhHXpX7fVx2Qk:/aeTG4/gfpT+JfUJzQmZpysqZLVxrk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35db6667703e01f426f04be5410c7e493b3f4f2c8c75c041ee6297b54fa560ac_NeikiAnalytics.exe

Files

35db6667703e01f426f04be5410c7e493b3f4f2c8c75c041ee6297b54fa560ac_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\o12-dist\jun06\autocvs\ctapi3\MS_German_Release\msth3ge.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
ReadFile
GetACP
GetOEMCP
SetFilePointer
ExitProcess
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameA
GetCurrentDirectoryA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

ThesaurusCheck
ThesaurusCloseLex
ThesaurusGetOptions
ThesaurusGetString
ThesaurusInit
ThesaurusOpenLex
ThesaurusSetOptions
ThesaurusTerminate
ThesaurusVersion

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 264KB - Virtual size: 264KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 264KB - Virtual size: 264KB