5e4047b79d88373816837e4382ad52edd1038c583882eb82de6f8d111581ac2b_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5e4047b79d88373816837e4382ad52edd1038c583882eb82de6f8d111581ac2b_NeikiAnalytics.exe
Size

90KB
MD5

666556bb6eab678fb9b4226f162487b0
SHA1

562c56b3bb73c3e868e2968caea4209d0df4760f
SHA256

5e4047b79d88373816837e4382ad52edd1038c583882eb82de6f8d111581ac2b
SHA512

1ec4ce3d654eb8fab39a9bd03b06f9e46e4eda8255eb79e96af63dcc3ada7699f3dec34055bfe652ab30dfc3998dbcc93d1b0c1a9278608f784c782eca30bbda
SSDEEP

1536:pbDkW43Hc8KRahHQbZWM5L6tWGkTYwyd99fkobdUNtRXwGCq2iW7z:z43vwbjutWGkTtyd998jRgGCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e4047b79d88373816837e4382ad52edd1038c583882eb82de6f8d111581ac2b_NeikiAnalytics.exe

Files

5e4047b79d88373816837e4382ad52edd1038c583882eb82de6f8d111581ac2b_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

7f28c92cc0adb048f8e20aca3739918f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

signtool.pdb

Imports

mfc42

ord539
ord850
ord6158
ord853
ord833
ord836
ord2813
ord800
ord1572

msvcrt

wcspbrk
wcsncpy
wcsstr
_wsetlocale
free
_wcslwr
malloc
_wcsnicmp
wcscpy
_wcsicmp
wcslen
wcsncmp
swscanf
wprintf
_iob
fwprintf
_c_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
swprintf
printf
_exit
__CxxFrameHandler
wcscmp

kernel32

CreateFileW
LocalFree
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FreeLibrary
FindClose
GetCurrentDirectoryW
LoadLibraryA
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
SystemTimeToFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
CreateFileA
SetLastError
FormatMessageW
GetCurrentProcessId
FormatMessageA
lstrlenW
LocalAlloc
LoadLibraryW
lstrlenA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetModuleFileNameA
GetModuleFileNameW
GetVersionExA
UnhandledExceptionFilter

crypt32

CryptEncodeObject
CertCloseStore
CertFreeCertificateContext

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
GetErrorInfo
VariantInit
SysAllocString
VariantTimeToSystemTime
SysStringByteLen
VariantClear

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

cryptui

CryptUIWizDigitalSign

shlwapi

PathCanonicalizeW
PathRemoveFileSpecW
PathIsRelativeW
PathAppendW

advapi32

RegEnumKeyExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyA
RegCloseKey

user32

LoadStringA
LoadStringW

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

� [�uL
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f28c92cc0adb048f8e20aca3739918f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42

msvcrt

kernel32

crypt32

ole32

oleaut32

wintrust

cryptui

shlwapi

advapi32

user32

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 31KB - Virtual size: 31KB

� [�uL Size: 16KB - Virtual size: 20KB

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 31KB - Virtual size: 31KB

� [�uL
Size: 16KB - Virtual size: 20KB