PDB path: d:\Projects\OLD_ROBOBAK\release\RemoteSQLBackupService32.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9_NeikiAnalytics.exe
  Resource: win10v2004-20240611-en
General
Target: 6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9_NeikiAnalytics.exe
Size: 616KB
MD5: d887968bca83ad09e46113aec3065090
SHA1: a661552a1c5bb40e34db9deb12a3612d67bc5b86
SHA256: 6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9
SHA512: e5fbd234278b9f27f881c558f8b4ff9eb9224186789377a7cc6fb9f7ea131fdddce758d6e1e1e2bfdecb99328c772d76243d4f3a639ba6325c38f74e5532b36c
SSDEEP: 12288:WtFXqVf9Z4sd4WixPaMhqHxBBr2E+2v9mc/dLvLQ67xA6QJnzYTQhAhnh7hkKtpg:3LBxrjEkxc
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9_NeikiAnalytics.exe
Files
6433886d5f5d4eeb2ac17b5ac7f4ced80948922ef87877fdd9fdd90c2d57b8f9_NeikiAnalytics.exe.exe: windows:4, windows x86, arch:x86
3a1243bb8d9245a09ffa8c1ca68acdc7
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32: OpenProcess, GetFileTime, TerminateProcess, HeapAlloc, SetLastError, HeapFree, SystemTimeToFileTime, WaitForSingleObject, LocalFileTimeToFileTime, GetFileAttributesW, DeleteFileW, RemoveDirectoryW, CreateFileW, LoadLibraryA, GetProcAddress, FreeLibrary, FindFirstFileW, lstrcmpW, FindNextFileW, FindClose, FlushFileBuffers, DisconnectNamedPipe, WaitNamedPipeW, Sleep, GetFileSizeEx, GetCurrentProcess, FormatMessageW, LocalFree, MultiByteToWideChar, WideCharToMultiByte, ReleaseMutex, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, CreateEventW, SetEvent, ResetEvent, CreateDirectoryW, GetCommandLineW, GetVersionExW, CreateThread, GetLastError, ResumeThread, TerminateThread, GetProcessHeap, lstrlenW, InterlockedCompareExchange, InterlockedExchange, FormatMessageA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetVersionExA, VirtualAlloc, GetModuleHandleA, RaiseException, LCMapStringA, LCMapStringW, GetCPInfo, RtlUnwind, ExitProcess, GetStringTypeA, GetStringTypeW, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetHandleCount, GetFileType, GetStartupInfoA, GetConsoleCP, GetConsoleMode, HeapDestroy, HeapCreate, VirtualFree, HeapReAlloc, HeapSize, SetFilePointer, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetLocaleInfoW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA, SetEndOfFile, CloseHandle, ExitThread, GetCurrentThreadId, GetLocalTime, ConnectNamedPipe, CreateNamedPipeW, InterlockedDecrement, InterlockedIncrement, WriteFile, ReadFile, GetModuleFileNameW, GetEnvironmentVariableW, CreateEventA, ReleaseSemaphore, GetComputerNameA, GetComputerNameW, Process32NextW, Module32FirstW, Process32FirstW, CreateToolhelp32Snapshot, OpenEventW, LoadLibraryW, lstrcpyW, LocalAlloc, CreateMutexA, WaitForMultipleObjects, SetWaitableTimer, CreateWaitableTimerA, GetFileAttributesExW
advapi32: AdjustTokenPrivileges, OpenProcessToken, OpenServiceW, QueryServiceStatus, ControlService, QueryServiceConfigW, EnumServicesStatusExW, CloseServiceHandle, OpenSCManagerW, DeleteService, LsaNtStatusToWinError, LookupPrivilegeValueW, LsaOpenPolicy, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumKeyExW, RegOpenKeyExW, RegCreateKeyExW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCloseKey, LogonUserW, LsaAddAccountRights, LsaLookupNames, GetSidSubAuthorityCount, GetSidLengthRequired, LsaFreeMemory, CopySid, GetSidSubAuthority
ole32: CoCreateGuid, StringFromGUID2, CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoUninitialize
oleaut32: SysAllocString, SysFreeString, SysAllocStringByteLen, SysStringLen
shlwapi: PathRemoveFileSpecW
user32: SendMessageW, GetCursor
shell32: ShellExecuteW
mpr: WNetUseConnectionW, WNetCancelConnection2W
rpcrt4: UuidCreate, UuidToStringA, RpcStringFreeA
secur32: GetUserNameExW
odbc32 (by ordinal): ord111, ord236, ord24, ord31, ord13, ord141, ord75, ord43, ord9
Sections
.text: size 476KB, virtual size 472KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: size 108KB, virtual size 106KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: size 20KB, virtual size 28KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls: size 4KB, virtual size 2B; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: size 4KB, virtual size 908B; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ