67d04e646617c36accc52eaeb155d6302c61df48d71b758750d5eb3047983007_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

67d04e646617c36accc52eaeb155d6302c61df48d71b758750d5eb3047983007_NeikiAnalytics.exe
Size

1.2MB
MD5

cd3ff6387740f110cb83025ccf9457a0
SHA1

696ee730f4174114604cc7396bdf85f341f06e3d
SHA256

67d04e646617c36accc52eaeb155d6302c61df48d71b758750d5eb3047983007
SHA512

a73c1e3c582bbaefcf143dc81b256db7827861000b2211391d59dd84dbf6091887d179f49808997409129ed7be4293007430b1889d21714627858fe388038454
SSDEEP

24576:LWAzUWogzfLW7n57nc1S5HumdsXqrbS0gBBEknpsAaNEqYTJdP:LWAzUWouqNHuPeSZRsC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67d04e646617c36accc52eaeb155d6302c61df48d71b758750d5eb3047983007_NeikiAnalytics.exe

Files

67d04e646617c36accc52eaeb155d6302c61df48d71b758750d5eb3047983007_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

4f88df06de31749549347b79d22d7af4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesExW
ReadFile
SetEndOfFile
SetFileAttributesW
DuplicateHandle
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
LoadLibraryW
CreateFileMappingA
FileTimeToSystemTime
SystemTimeToFileTime
GetUserDefaultLangID
K32GetProcessImageFileNameW
CreatePipe
PeekNamedPipe
GetExitCodeProcess
OpenProcess
GenerateConsoleCtrlEvent
VerSetConditionMask
GetEnvironmentVariableA
GetEnvironmentVariableW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetShortPathNameW
GetVolumeInformationW
OutputDebugStringA
GetVersionExA
GetVersionExW
GetModuleFileNameA
GetModuleHandleA
VerifyVersionInfoW
InitializeCriticalSection
ResumeThread
SetWaitableTimer
CreateWaitableTimerA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
OpenThread
FileTimeToLocalFileTime
GetProcessId
GetThreadContext
ReadProcessMemory
MapViewOfFile
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32GetModuleFileNameExA
UnlockFile
WaitForSingleObjectEx
CreateProcessW
IsWow64Process
HeapCreate
HeapSetInformation
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetCurrentDirectoryA
CreateDirectoryA
CreateDirectoryW
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
GetFileTime
GetFullPathNameW
GetFullPathNameA
GetLogicalDrives
GetTempFileNameW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
GetTempFileNameA
SetHandleInformation
CreateProcessA
GetSystemTime
CreateDirectoryExA
CreateDirectoryExW
CopyFileA
CopyFileW
CopyFileExA
CopyFileExW
MoveFileA
MoveFileW
MoveFileExA
MoveFileExW
SetVolumeLabelA
SetVolumeLabelW
GetComputerNameA
GetComputerNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CreateEventExW
SwitchToThread
IsDBCSLeadByteEx
SetConsoleMode
SetErrorMode
DeviceIoControl
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
DecodePointer
ReadConsoleW
QueryPerformanceFrequency
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
SetFileTime
GetFileInformationByHandle
GetTempPathW
SystemTimeToTzSpecificLocalTime
RtlUnwind
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetDllDirectoryA
ReadConsoleInputW
LoadLibraryA
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetTimeFormatW
CompareStringW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
OutputDebugStringW
GetCurrentThread
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
QueryPerformanceCounter

user32

MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
TranslateMessage

wsock32

__WSAFDIsSet
accept
bind
closesocket
connect
WSAGetLastError
getpeername
gethostname
socket
gethostbyname
htonl
WSAStartup
inet_ntoa
WSACleanup
getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
gethostbyaddr

advapi32

LookupAccountSidA
LookupAccountSidW
LookupAccountNameA
LookupAccountNameW
GetUserNameA
OpenThreadToken
AccessCheck
GetFileSecurityW
ImpersonateSelf
RevertToSelf
RegCloseKey
RegConnectRegistryA
RegConnectRegistryW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetFileSecurityW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

ws2_32

freeaddrinfo
getaddrinfo
getnameinfo

netapi32

NetRemoteTOD
NetApiBufferFree

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ucore46

??2UMemory@icu@@SAPEAX_K@Z
??3UMemory@icu@@SAXPEAX@Z
ucnv_compareNames
ucnv_open
ucnv_close
ucnv_reset
ucnv_resetToUnicode
ucnv_resetFromUnicode
ucnv_getMaxCharSize
ucnv_getName
ucnv_getUnicodeSet
ucnv_setToUCallBack
ucnv_setFromUCallBack
ucnv_fromUnicode
utf8_prevCharSafeBody
ucnv_fromUChars
ucnv_convertEx
ucnv_countAliases
ucnv_getAliases
ucnv_setFallback
ucnv_fromUCountPending
ucnv_toUCountPending
u_islower
u_isupper
u_isdigit
u_isalpha
u_isalnum
u_isxdigit
u_ispunct
u_isgraph
u_isblank
u_isspace
u_iscntrl
u_isprint
u_tolower
u_toupper
??0UnicodeSet@icu@@QEAA@XZ
u_memcpy
utf8_nextCharSafeBody
ucasemap_close
ucase_toFullFolding
ucase_toFullLower
ucase_toFullUpper
ucase_tolower
ucase_toupper
ucase_fold
uloc_getDefault
uloc_setDefault
uloc_getLanguage
uloc_getCountry
uloc_getDisplayLanguage
uloc_getDisplayCountry
uloc_getISOLanguages
uloc_getISOCountries
ubrk_close
u_init
u_cleanup
ucnv_cbFromUWriteBytes
ucnv_cbToUWriteUChars
ucasemap_open
ucnv_toUnicode

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PEBDEB
?PRO_OS_TYPE@@3PEBDEB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PEAVbtkOBSFunc@@EA

Sections

.text
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.datapro
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f88df06de31749549347b79d22d7af4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wsock32

advapi32

ws2_32

netapi32

mpr

version

ucore46

Exports

Exports

Sections

.text Size: 875KB - Virtual size: 875KB

.rdata Size: 229KB - Virtual size: 229KB

.data Size: 71KB - Virtual size: 269KB

.pdata Size: 52KB - Virtual size: 51KB

.datapro Size: 512B - Virtual size: 60B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 875KB - Virtual size: 875KB

.rdata
Size: 229KB - Virtual size: 229KB

.data
Size: 71KB - Virtual size: 269KB

.pdata
Size: 52KB - Virtual size: 51KB

.datapro
Size: 512B - Virtual size: 60B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 11KB - Virtual size: 10KB