4d1fec40ba9ddc2f16258b56d0db04d72931bdc0425755cfca000b56c36b9660_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4d1fec40ba9ddc2f16258b56d0db04d72931bdc0425755cfca000b56c36b9660_NeikiAnalytics.exe
Size

63KB
MD5

bf2487ccac4a433225335c8bc74ed730
SHA1

2e19d4a212c05fda48549d9da5e76896ebdc24be
SHA256

4d1fec40ba9ddc2f16258b56d0db04d72931bdc0425755cfca000b56c36b9660
SHA512

ae5ca5f8ff27d09f89ecc1d360ce89230a7b819f3f9cc3c9e299b4e2c78ddb0aa22ebcb0d5d495e978cfab8556a587243ec61faebbb7a9fc8056520e77ad0824
SSDEEP

768:z8MELUD8Afuv8lQbLi6yviGVR52VV1ps22ZX4XKy6VfJc/2OWL:zmLU8AML8qGTQP9pXKykfJc/2OW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d1fec40ba9ddc2f16258b56d0db04d72931bdc0425755cfca000b56c36b9660_NeikiAnalytics.exe

Files

4d1fec40ba9ddc2f16258b56d0db04d72931bdc0425755cfca000b56c36b9660_NeikiAnalytics.exe
.dll windows:10 windows x64 arch:x64

5bc060d37b9fc5147f3c24d893382467

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UserDataPlatformHelperUtil.pdb

Imports

msvcrt

_unlock
_XcptFilter
__dllonexit
_amsg_exit
_lock
_initterm
__C_specific_handler
_onexit
??1type_info@@UEAA@XZ
memset
_callnewh
memcpy_s
_vsnwprintf
free
rand
__CxxFrameHandler3
srand
_purecall
?raw_name@type_info@@QEBAPEBDXZ
memmove
malloc

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcImpersonateClient
RpcRevertToSelf
RpcStringFreeW
IsDebuggerPresent
SetLastError
RaiseException
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitOnceExecuteOnce
Sleep
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
GetModuleHandleW
EventUnregister
EventRegister
CreateFileW
GetTempFileNameW
GetFileAttributesW
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
CloseHandle
ord290
LocalFree
LocalAlloc
PathMatchSpecW
PathFindExtensionW
StrStrIW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegCloseKey
MakeSelfRelativeSD
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
MakeAbsoluteSD
GetCurrentThreadId
GetCurrentProcessId
OpenProcess
OpenThreadToken
GetCurrentThread
ControlService
NtQueryInformationThread
NtSetInformationThread
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
QueryPerformanceCounter
RtlCaptureCo

Exports

Exports

??0CalculateSize@Comms@@QEAA@_N0@Z
??0Deserializer@Comms@@QEAA@PEBE0_N1@Z
??0RpcClient@Comms@@QEAA@XZ
??0SecureRpcClient@Comms@@QEAA@XZ
??0SerializeBuffer@Comms@@QEAA@AEBVCalculateSize@1@_N1@Z
??1Deserializer@Comms@@QEAA@XZ
??1RpcClient@Comms@@QEAA@XZ
??1SecureRpcClient@Comms@@UEAA@XZ
?CopyBytesIn@CalculateSize@Comms@@UEAAXPEBX_KAEBVtype_info@@@Z
?CopyBytesIn@SerializeBuffer@Comms@@UEAAXPEBX_KAEBVtype_info@@@Z
?CopyBytesOut@Deserializer@Comms@@QEAA_NPEAX_KAEBVtype_info@@@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAPEAD@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAPEAG@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAPEBD@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAPEBG@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAV?$basic_string@GU?$char_traits@G@utl@@V?$allocator@G@2@@utl@@@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAV?$vector@EV?$allocator@E@utl@@@utl@@@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEAVNullType@detail@1@@Z
?DeserializeObject@Comms@@YA_NAEAVDeserializer@1@AEBVNullType@detail@1@@Z
?GetBuffer@Deserializer@Comms@@QEAAPEAX_K@Z
?GetBuffer@SerializeBuffer@Comms@@QEAAXAEAV?$vector@EV?$allocator@E@utl@@@utl@@@Z
?GetBuffer@SerializeBuffer@Comms@@QEBAPEBV?$vector@EV?$allocator@E@utl@@@utl@@XZ
?GetTotal@CalculateSize@Comms@@QEBA_KXZ
?Initialize@SerializeBuffer@Comms@@QEAA_NXZ
?InitializeBinding@RpcClient@Comms@@QEAAJPEBGAEAPEAX@Z
?ReleaseBuffer@Deserializer@Comms@@QEAAXPEBX@Z
?SerializeObject@Comms@@YAXAEAVSerializeBase@1@AEBV?$basic_string@GU?$char_traits@G@utl@@V?$allocator@G@2@@utl@@@Z
?SerializeObject@Comms@@YAXAEAVSerializeBase@1@AEBV?$vector@EV?$allocator@E@utl@@@utl@@@Z
?SerializeObject@Comms@@YAXAEAVSerializeBase@1@AEBVNullType@detail@1@@Z
?SerializeObject@Comms@@YAXAEAVSerializeBase@1@PEBD@Z
?SerializeObject@Comms@@YAXAEAVSerializeBase@1@PEBG@Z
?_InitializeSecureRpcBinding@SecureRpcClient@Comms@@IEAAJPEBG0@Z
ConvertHtmlStringToPlainTextStringOneCore
CreateKnownFolderPath
CreateStreamFromBitmap
CropAndResizeImageByDimension
DefaultMakeHresultFromJetError
DllCanUnloadNow
DllGetClassObject
FreeEnumColumn
GenerateUserModeServiceName
GetCalendarColors
GetCombinedTransientObjectSecurityDescriptor
GetContentTypeFromFilePath
GetFileExtensionFromContentType
GetImageInfoFromStream
GetNextNewCalendarColor
GetQueryProcessHandle
GetRpcClientThreadToken
GetSupportedImageFileExtensions
GetTempFileNameWithExt
GetThreadIOPriority
GetUserContextFromHandle
GetUserTokenFromContext
IsActiveDebugger
IsCommsSystemService
IsImageExtension
JetReallocMethod
PrependHtmlOneCore
ResizeImageByDimension
ResizeImageByDimensionInterpolationMode
ResizeImageBySizeInMemory
ResizeImageBySizeToStream
SetCommsServiceJetGlobalSystemParameters
SetPoolThreadBasePriority
SetThreadIOPriority
StartAndWaitForService
StartAndWaitForServiceForUser
StopAndWaitForService
UT_UninitializeTrident

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bc060d37b9fc5147f3c24d893382467

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 380B