WinMain
Static task
static1
Behavioral task
behavioral1
Sample
446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a_NeikiAnalytics.exe
-
Size
9.0MB
-
MD5
72111bc05c3b39ac1c84a2f609a3abc0
-
SHA1
3d2fd92da3ad20e1bb9cd9b5ec16dff3ff7b1a35
-
SHA256
446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a
-
SHA512
4d234af8001e4cb27dae10ec5422fdf28dc261ebe5e6ef573b6ff1cd0362abbd3409660f4c432770d6a869eede95e1c9644a95d4bca5399348000d7b55bdf293
-
SSDEEP
98304:a8ek2Ph055PfECL8BHeTLIOsRStl2Cp/c8DSqpKZVxfNqn80iPChzIB:apkgcdfrMeTLIOsuKzqnxe
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a_NeikiAnalytics.exe
Files
-
446fef8b7ed7ef0d0f68b55b20ba05ccbc8e18c8c206322db1cf0460d73f755a_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
b7408394ff5275ee220550a8b796455d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
shell32
ShellExecuteW
ShellExecuteA
kernel32
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
MapViewOfFile
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
UnmapViewOfFile
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsAlloc
RaiseException
Sleep
GetTempPathA
FindClose
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
CreateEventW
CreateEventA
CreateFileA
CreateFileMappingA
FindFirstFileW
FindFirstFileA
GetCommandLineW
GetCommandLineA
GetVersionExW
TlsSetValue
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
TerminateProcess
CloseHandle
GetCurrentProcessId
ws2_32
WSAGetLastError
WSAStartup
WSACleanup
msvcp80
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1strstreambuf@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
towctrans
wctype
wctrans
msvcr80
_fpclass
fread
fwrite
fgetpos
fsetpos
rewind
fgets
_finite
fputs
fputws
fgetc
fputc
__iob_func
_mbsupr
exit
_purecall
longjmp
_set_sbh_threshold
realloc
strncat
_mbsnccnt
_tempnam
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fgetws
free
malloc
atoi
strncmp
strrchr
_errno
memcpy
memmove
setlocale
??3@YAXPAX@Z
mbtowc
wctomb
isalpha
isupper
islower
isdigit
isxdigit
isspace
ispunct
isalnum
isprint
isgraph
iscntrl
toupper
tolower
bsearch
__CxxFrameHandler3
??2@YAPAXI@Z
strchr
mblen
??_V@YAXPAX@Z
printf
strstr
_strnicmp
_putenv
_snprintf
getenv
qsort
memset
strncpy
_utime32
_wutime32
_stat32
memchr
_fileno
_wgetenv
_wputenv
_waccess
_wchmod
_wmkdir
_wrmdir
_wchdir
_getcwd
_wgetcwd
_wgetdcwd
_wcreat
?_open@@YAHPBDHH@Z
?_wopen@@YAHPB_WHH@Z
?_sopen@@YAHPBDHHH@Z
?_wsopen@@YAHPB_WHHH@Z
_wunlink
_wremove
_wrename
_wfindfirst32
_wfindfirst64
_wfindfirst32i64
_wstat32
_wstat64
_wstat32i64
_wutime64
mbrlen
_mbscspn
_mbsspn
_mbsstr
_wexecv
_execve
_wexecvp
_execvpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_wsystem
_pclose
ferror
feof
_lock_file
_unlock_file
fflush
fclose
ungetc
ungetwc
_strlwr
_strupr
_wtmpnam
_wtempnam
_mktemp
wcsftime
mbrtowc
wcrtomb
mbsrtowcs
wcsrtombs
_strtoi64
_strtoui64
strtoul
_isnan
strtod
sprintf
strtol
_fread_nolock
_filbuf
fgetwc
_fwrite_nolock
_flsbuf
fputwc
fseek
ftell
_mbclen
tmpfile
_wpopen
_wfdopen
_wfreopen
_wfsopen
_fsopen
_wfopen
_popen
_fdopen
freopen
fopen
strftime
_utime64
_stat32i64
_stat64
_findfirst32i64
_findfirst64
_findfirst32
rename
remove
_unlink
_getdcwd
_creat
_chdir
_rmdir
_mkdir
_chmod
_access
tmpnam
system
_execvp
_execv
_stricmp
_strnicoll
_stricoll
_strncoll
strcoll
_wcsnicmp
_wcsicmp
wcsxfrm
wcscoll
wctob
btowc
iswctype
towlower
towupper
iswcntrl
iswgraph
iswprint
iswalnum
iswpunct
iswspace
iswxdigit
iswdigit
iswlower
iswupper
iswalpha
_mbslwr
_mbsnbcnt
Exports
Exports
Sections
.text Size: 240KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8.7MB - Virtual size: 8.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ