4085424728341a50a0b69a3bb865a8e2878f86f3f83bbf6190b985b2ba136b54_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

4085424728341a50a0b69a3bb865a8e2878f86f3f83bbf6190b985b2ba136b54_NeikiAnalytics.exe
Size

405KB
MD5

4c762e2e492ba83b7ed91810232ee2c0
SHA1

1243c31014dcef5a0e942f71309034ca60f5e82f
SHA256

4085424728341a50a0b69a3bb865a8e2878f86f3f83bbf6190b985b2ba136b54
SHA512

212d61e6735e12ec04e8162fdcddbf220476bc31c3183614e3cec71291bfd24463c73bedf83dc70f1261e37d84f3a5202ba3c4d2f35312b06516308f8d85e9a3
SSDEEP

6144:MqtAOxysCFX6ztkKL3btNTYIl8/FXeXLYs6AOD/QLWO9I44AHJZqoZUT5+2EuIn:bzys4X6SKDRifYLYzqCkzZUV+aK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4085424728341a50a0b69a3bb865a8e2878f86f3f83bbf6190b985b2ba136b54_NeikiAnalytics.exe

Files

4085424728341a50a0b69a3bb865a8e2878f86f3f83bbf6190b985b2ba136b54_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

c969ce074e40f44b7cd9d4178193df13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsrchr
??2@YAPAXI@Z
strncmp
wcscmp
wcscpy

gdi32

EngLockSurface
EngStretchBltROP
EngLoadModule
EngFreeModule
EngGetDriverName
EngFindResource
EngQueryLocalTime
EngDeleteSurface
EngUnlockSurface
EngBitBlt
EngAssociateSurface
EngCreateBitmap
EngEraseSurface
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngPaint
EngLineTo
EngTextOut

kernel32

SetLastError
lstrcmpiW
lstrlenW
GlobalAlloc
GlobalFree
DebugBreak
IsBadWritePtr
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
IsBadReadPtr
lstrcpyW
lstrcatW
WideCharToMultiByte
GetProcessHeap
_lclose
OpenFile
GetLastError
_lread

winspool.drv

GetPrinterDriverW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ